threat
engine
.sh
Back
·
··:··
Home
/
Product
/
gnu grub2
Product
gnu grub2
49 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-61662
<= 2.14
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the ge
7.8
HIGH
CVE-2025-0686
<= 2.12
A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-cont
6.4
MEDIUM
CVE-2025-0685
<= 2.12
A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters f
6.4
MEDIUM
CVE-2025-0684
<= 2.12
A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-contro
6.4
MEDIUM
CVE-2025-0678
<= 2.12
A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters f
7.8
HIGH
CVE-2024-45782
<= 2.12
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a
7.8
HIGH
CVE-2024-45778
<= 2.12
A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing
4.1
MEDIUM
CVE-2025-1125
<= 2.12
When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata
7.8
HIGH
CVE-2025-0689
<= 2.12
When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its in
7.8
HIGH
CVE-2024-45780
<= 2.12
A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to prop
6.7
MEDIUM
CVE-2024-45779
<= 2.12
An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2
6.0
MEDIUM
CVE-2024-45777
<= 2.12
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_
6.7
MEDIUM
CVE-2024-56738
<= 2.12
GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attac
5.3
MEDIUM
CVE-2024-56737
<= 2.12
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
8.8
HIGH
CVE-2024-2312
< 2.12-1ubuntu5
GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table h
6.7
MEDIUM
CVE-2024-1048
all versions
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a tem
3.3
LOW
CVE-2023-4001
all versions
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration
6.8
MEDIUM
CVE-2023-4693
< 2.12
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to pres
5.3
MEDIUM
CVE-2023-4692
< 2.12
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially c
7.5
HIGH
CVE-2022-28736
>= 2.00 and < 2.06-3
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating sy
6.4
MEDIUM
CVE-2022-28735
>= 2.00 and < 2.06-3
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be
6.7
MEDIUM
CVE-2022-28734
>= 2.00 and < 2.06-3
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its int
8.1
HIGH
CVE-2022-28733
>= 2.00 and < 2.06-3
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip
8.1
HIGH
CVE-2022-3775
<= 2.06
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is co
7.1
HIGH
CVE-2022-2601
<= 2.06
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating
8.6
HIGH
CVE-2021-3697
>= 2.00 and < 2.12
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap.
7.0
HIGH
CVE-2021-3696
>= 2.00 and < 2.12
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in
4.5
MEDIUM
CVE-2021-3695
>= 2.00 and < 2.12
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to
4.5
MEDIUM
CVE-2021-46705
< 2.06-150400.7.1
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows loca
5.1
MEDIUM
CVE-2021-3981
<= 2.06
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing
3.3
LOW
CVE-2021-3418
< 2.06
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signatur
6.4
MEDIUM
CVE-2021-20233
< 2.06
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on
8.2
HIGH
CVE-2021-20225
< 2.06
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocate
6.7
MEDIUM
CVE-2020-27779
< 2.06
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged
7.5
HIGH
CVE-2020-27749
< 2.06
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their c
6.7
MEDIUM
CVE-2020-25647
< 2.06
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bound
7.6
HIGH
CVE-2020-25632
< 2.06
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependenc
8.2
HIGH
CVE-2020-14372
< 2.06
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot i
7.5
HIGH
CVE-2020-14311
< 2.06
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic lin
5.7
MEDIUM
CVE-2020-14310
< 2.06
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MA
5.7
MEDIUM
CVE-2020-14309
< 2.06
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name le
6.7
MEDIUM
CVE-2020-10713
< 2.06
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification p
8.2
HIGH
CVE-2020-14308
< 2.06
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocatio
6.4
MEDIUM
CVE-2020-15707
<= 2.04
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shi
5.7
MEDIUM
CVE-2020-15706
<= 2.04
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered
6.4
MEDIUM
CVE-2020-15705
<= 2.04
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects
6.4
MEDIUM
CVE-2019-14865
all versions
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for
5.9
MEDIUM
CVE-2015-8370
all versions
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensi
7.4
HIGH
CVE-2009-4128
all versions
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin