ALT-PU-2025-2525-4

Package update grub in branch p10

Version2.12-alt4

Published2026-03-07

Max severityMEDIUM

Severity:

Closed issues (2)

MEDIUM5.6

Уязвимость механизма защиты паролем загрузчика операционных систем Grub2, позволяющая нарушителю обойти установленный контроль доступа

Published: 2024-01-17Modified: 2024-04-02

CVSS 3.xMEDIUM 5.6

CVSS:3.x/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:C/A:N

References

CVE-2023-4001

MEDIUM6.8

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.

Published: 2024-01-15Modified: 2024-11-21

CVSS 3.xMEDIUM 6.8

CVSS:3.x/CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Closed bugs (9)

Предложение добавить в grub --class altlinux

grub-mkrescue не находит /usr/share/grub/unicode.pf2

grub-efi не находит grub.cfg на ноутбуке Acer Swift 3

grub-efi-autoupdate для removable

Default kernel isn't /boot/vmlinuz

grub не может определить файловую систему, созданную xfsprogs 6.6.0-alt1

Не загружается grub-pc 2.12-alt1 (Legacy BIOS)

Новая версия ломает загрузку с nvme

Установить --> Установка