ALT-PU-2025-4232-2

Package update grub in branch p11

Version2.12-alt10

Published2025-03-19

Max severityMEDIUM

Severity:

Closed issues (2)

MEDIUM5.6

Уязвимость механизма защиты паролем загрузчика операционных систем Grub2, позволяющая нарушителю обойти установленный контроль доступа

Published: 2024-01-17Modified: 2024-04-02

CVSS 3.xMEDIUM 5.6

CVSS:3.x/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:C/A:N

References

CVE-2023-4001

MEDIUM6.8

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.

Published: 2024-01-15Modified: 2024-11-21

CVSS 3.xMEDIUM 6.8

CVSS:3.x/CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Closed bugs (1)

Не грузится на RAID10+LVM+LUKS2