CVE-2019-14865
MEDIUMGRUB2 - Denial of Service via grub2-set-bootflag Utility
Title source: llmDescription
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/oss-sec/2019/q4/101
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0335
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/02/06/3
Scores
CVSS v3
5.9
EPSS
0.0033
EPSS Percentile
24.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
Details
CWE
CWE-267
Status
published
Products (1)
gnu/grub2
Published
Nov 29, 2019
Tracked Since
Feb 18, 2026