CVE-2019-14865

MEDIUM

grub2 - Info Disclosure

Title source: llm

Description

A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

References (4)

[Mailing List, Third Party Advisory] https://seclists.org/oss-sec/2019/q4/101

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2020:0335

[Third Party Advisory] http://www.openwall.com/lists/oss-security/2024/02/06/3

Scores

CVSS v3 5.9

EPSS 0.0004

EPSS Percentile 11.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Details

CWE

CWE-267

Status published

Products (1)

gnu/grub2

Published Nov 29, 2019

Tracked Since Feb 18, 2026