3.3

CVE-2024-1048

Grub2: grub2-set-bootflag can be abused by local (pseudo-)users

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGrub2 Version-
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
FedoraprojectFedora Version40
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.183
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
secalert@redhat.com 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

http://www.openwall.com/lists/oss-security/2024/02/06/3
https://access.redhat.com/errata/RHSA-2024:2456
https://access.redhat.com/errata/RHSA-2024:3184
https://access.redhat.com/security/cve/CVE-2024-1048
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2256827
Vendor Advisory
Issue Tracking
https://www.openwall.com/lists/oss-security/2024/02/06/3
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRZQCVZ3XOASVFT6XLO7F2ZXOLOHIJZQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSJAEGRR3XHMBBBKYOVMII4P34IXEYPE/
https://security.netapp.com/advisory/ntap-20240223-0007/