CVE-2021-46705

Summary

CVE	CVE-2021-46705
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-03-16 10:15:00 UTC
Updated	2023-03-23 17:22:00 UTC
Description	A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.

Risk And Classification

Problem Types: CWE-377

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gnu	Grub2	All	All	All	All
Application	Opensuse	Factory	-	All	All	All
Operating System	Suse	Linux Enterprise Server	15	sp4	All	All

References

Reference	Source	Link	Tags
Bug 1190474 – VUL-0: CVE-2021-46705: grub2: grub2-once uses fixed file name in /var/tmp	CONFIRM	bugzilla.suse.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Ludwig Nussel of SUSE

There are currently no legacy QID mappings associated with this CVE.