ByteOS Network

NVD Vulnerability Details :

CVE-2019-14865

Analyzed

Source-secalert@redhat.com

Published At-29 Nov, 2019 | 10:15

Updated At-29 Apr, 2025 | 20:39

A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.9	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
Secondary	3.0	5.9	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
Primary	2.0	4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C

Type: Primary

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Type: Secondary

Version: 3.0

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.9

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:N/I:N/A:C

CPE Matches

GNU

>>grub2>>-

cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux>>8.0

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_eus>>8.1

cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_eus>>8.2

cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_eus>>8.4

cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_eus>>8.6

cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_eus>>8.8

cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>8.2

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>8.4

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_aus>>8.6

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_tus>>8.2

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_tus>>8.4

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_tus>>8.6

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server_tus>>8.8

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-267	Primary	secalert@redhat.com
NVD-CWE-noinfo	Secondary	nvd@nist.gov

CWE ID: CWE-267

Type: Primary

Source: secalert@redhat.com

CWE ID: NVD-CWE-noinfo

Type: Secondary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.openwall.com/lists/oss-security/2024/02/06/3	secalert@redhat.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0335	secalert@redhat.com	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865	secalert@redhat.com	Issue Tracking Third Party Advisory
https://seclists.org/oss-sec/2019/q4/101	secalert@redhat.com	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/02/06/3	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0335	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking Third Party Advisory
https://seclists.org/oss-sec/2019/q4/101	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory