Bug 1764925 (CVE-2019-14865)

Summary: CVE-2019-14865 grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable
Product: [Other] Security Response
Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: bootloader-eng-team, fmartine, hdegoede, huzaifas, javierm, jstodola, lkundrak, pjanda, pjones, security-response-team
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2020-02-04 14:09:46 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1772866, 1776580, 1778887
Bug Blocks: 1764926
Attachments (Description: Flags):
Patch-1: none
Patch-2: none

Description Dhananjay Arunesh 2019-10-24 04:50:22 UTC
A flaw was found in the grub2-set-bootflag utility of grub2. When the utility is run under resource pressure (by setting RLIMIT), it can cause grub2 config files to be truncated leaving the system non-bootable on subsequent reboots.
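
The failure mode described above, as an added example (not the Patch-1/Patch-2 attachments and not grub2 code): assuming the truncation comes from rewriting the file in place, an update that writes a temporary file and renames it over the original leaves the old contents intact when a write fails under a file-size limit. The function names, the sample contents and the /tmp path are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

/* Replace path with buf via temp file + rename(2); path is never truncated. */
int replace_file_atomic(const char *path, const char *buf, size_t len)
{
    char tmp[4096];
    size_t off = 0;
    signal(SIGXFSZ, SIG_IGN);      /* get EFBIG from write(), not a kill */
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp) return -1;
    int fd = mkstemp(tmp);         /* same directory, so rename() is atomic */
    if (fd < 0) return -1;
    while (off < len) {
        ssize_t n = write(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;         /* EFBIG, ENOSPC, EDQUOT: give up */
        off += (size_t)n;
    }
    int ok = (off == len) && fsync(fd) == 0;
    ok = (close(fd) == 0) && ok;
    if (ok && rename(tmp, path) == 0) return 0;
    unlink(tmp);                   /* failed: the old file was never touched */
    return -1;
}

/* Demo on a constructed file: 1 if old data survives a failed update. */
int old_contents_survive(const char *path)
{
    const char *old = "boot_success=0\n";    /* constructed sample data */
    char big[256] = {0}, back[64] = {0};
    struct rlimit saved, tiny;
    if (replace_file_atomic(path, old, strlen(old)) != 0) return 0;
    getrlimit(RLIMIT_FSIZE, &saved);
    tiny = saved; tiny.rlim_cur = 8;         /* simulated resource pressure */
    setrlimit(RLIMIT_FSIZE, &tiny);
    int rc = replace_file_atomic(path, big, sizeof big);
    setrlimit(RLIMIT_FSIZE, &saved);
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    size_t n = fread(back, 1, sizeof back - 1, f);
    fclose(f);
    return rc == -1 && n == strlen(old) && strcmp(back, old) == 0;
}
int main(void) { return old_contents_survive("/tmp/grubenv-demo") ? 0 : 1; }
```

The demo lowers only the soft RLIMIT_FSIZE of its own process and restores it afterwards; it never touches a real grubenv file.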

Comment 1 Huzaifa S. Sidhpurwala 2019-10-24 06:26:40 UTC
Acknowledgments:

Name: Tavis Ormandy

Comment 7 Huzaifa S. Sidhpurwala 2019-11-24 12:52:38 UTC
Statement:

grub-set-bootflag is a command line to set bootflags in GRUB's stored environment. This is a downstream utility which is shipped with Red Hat Enterprise Linux 8 and Fedora. A flaw was found in this application which could allow a local attacker (someone having a local account on the system) to cause grub configuration files to be truncated. Whenever the machine was rebooted, grub would fail to read the configuration files and the system would be rendered unbootable.

Comment 8 Huzaifa S. Sidhpurwala 2019-11-24 12:55:13 UTC
Mitigation:

Remove the "grub-set-bootflag" from the system, by manually deleting the binary file. Note: On subsequent updates of the "grub2-tools-minimal" rpm, the file will be re-installed.

Comment 9 Huzaifa S. Sidhpurwala 2019-11-25 03:09:13 UTC
Created attachment 1639336
Patch-1

Comment 10 Huzaifa S. Sidhpurwala 2019-11-25 03:09:39 UTC
Created attachment 1639337
Patch-2

Comment 11 Huzaifa S. Sidhpurwala 2019-11-26 03:22:02 UTC
Created grub2 tracking bugs for this issue:

Affects: fedora-all [bug 1776580]

Comment 12 Huzaifa S. Sidhpurwala 2019-11-26 03:47:36 UTC
External References:

https://seclists.org/oss-sec/2019/q4/101

Comment 14 errata-xmlrpc 2020-02-04 13:11:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0335 https://access.redhat.com/errata/RHSA-2020:0335

Comment 15 Product Security DevOps Team 2020-02-04 14:09:46 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14865