CVE-2019-14865

Summary

CVE	CVE-2019-14865
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-11-29 10:15:00 UTC
Updated	2023-02-12 23:36:00 UTC
Description	A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

Risk And Classification

Problem Types: CWE-267

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gnu	Grub2	-	All	All	All
Application	Gnu	Grub2	-	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.1	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.1	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.1	All	All	All

References

Reference	Source	Link	Tags
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
1764925 – (CVE-2019-14865) CVE-2019-14865 grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable	MISC	bugzilla.redhat.com
oss-sec: grub2-set-bootflag utility causes grubenv corruption rendering the system un-bootable	MISC	seclists.org	Mailing List, Third Party Advisory
1764925 – (CVE-2019-14865) CVE-2019-14865 grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable	CONFIRM	bugzilla.redhat.com	Issue Tracking, Third Party Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

377367 Alibaba Cloud Linux Security Update for grub2 (ALINUX3-SA-2021:0026)