CVE-2019-14865
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
29/11/2019
Last modified:
29/04/2025
Description
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2024/02/06/3
- https://access.redhat.com/errata/RHSA-2020:0335
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865
- https://seclists.org/oss-sec/2019/q4/101
- http://www.openwall.com/lists/oss-security/2024/02/06/3
- https://access.redhat.com/errata/RHSA-2020:0335
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865
- https://seclists.org/oss-sec/2019/q4/101