Bug 1764925 (CVE-2019-14865) - CVE-2019-14865 grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-14865
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1772866 1776580 1778887
Blocks: 1764926
Reported: 2019-10-24 04:50 UTC by Dhananjay Arunesh
Modified: 2021-02-16 21:08 UTC (History)

Fixed In Version:
Doc Text:
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
Clone Of:
Environment:
Last Closed: 2020-02-04 14:09:46 UTC
Embargoed:


Attachments
Patch-1 (994 bytes, patch), 2019-11-25 03:09 UTC, Huzaifa S. Sidhpurwala
Patch-2 (4.04 KB, patch), 2019-11-25 03:09 UTC, Huzaifa S. Sidhpurwala


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:0335 0 None None None 2020-02-04 13:11:24 UTC

Description Dhananjay Arunesh 2019-10-24 04:50:22 UTC
A flaw was found in the grub2-set-bootflag utility of grub2. When the utility is run under resource pressure (by setting RLIMIT), it can cause grub2 config files to be truncated leaving the system non-bootable on subsequent reboots.

Comment 1 Huzaifa S. Sidhpurwala 2019-10-24 06:26:40 UTC
Acknowledgments:

Name: Tavis Ormandy

Comment 7 Huzaifa S. Sidhpurwala 2019-11-24 12:52:38 UTC
Statement:

grub-set-bootflag is a command line to set bootflags in GRUB's stored environment. This is a downstream utility which is shipped with Red Hat Enterprise Linux 8 and Fedora. A flaw was found in this application which could allow a local attacker (someone having a local account on the system) to cause grub configuration files to be truncated. Whenever the machine was rebooted, grub would fail to read the configuration files and the system would be rendered unbootable.

Comment 8 Huzaifa S. Sidhpurwala 2019-11-24 12:55:13 UTC
Mitigation:

Remove the "grub-set-bootflag" from the system, by manually deleting the binary file. Note: On subsequent updates of the "grub2-tools-minimal" rpm, the file will be re-installed.

Comment 9 Huzaifa S. Sidhpurwala 2019-11-25 03:09:13 UTC
Created attachment 1639336
Patch-1

Comment 10 Huzaifa S. Sidhpurwala 2019-11-25 03:09:39 UTC
Created attachment 1639337
Patch-2

Comment 11 Huzaifa S. Sidhpurwala 2019-11-26 03:22:02 UTC
Created grub2 tracking bugs for this issue:

Affects: fedora-all [bug 1776580]

Comment 12 Huzaifa S. Sidhpurwala 2019-11-26 03:47:36 UTC
External References:

https://seclists.org/oss-sec/2019/q4/101

Comment 14 errata-xmlrpc 2020-02-04 13:11:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0335 https://access.redhat.com/errata/RHSA-2020:0335

Comment 15 Product Security DevOps Team 2020-02-04 14:09:46 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14865
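
A defensive check for the truncation described in this bug and for the mitigation's caveat that the binary returns on package updates, as an added example that is not part of the bug report or of grub2. It assumes GRUB's default environment block layout (exactly 1024 bytes, opening with the `# GRUB Environment Block` signature line, unused space padded with `#`), which the report does not state; the function names `check_grubenv` and `helper_present` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report or the grub2 sources.
ENVBLK_SIZE=1024                       # assumption: GRUB's default block size
ENVBLK_SIG='# GRUB Environment Block'  # assumption: standard signature line

# check_grubenv FILE
# Prints a verdict; returns 0 if intact, 1 if damaged, 2 if unreadable.
check_grubenv() {
    f=$1
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "UNREADABLE $f"
        return 2
    fi
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -ne "$ENVBLK_SIZE" ]; then
        echo "DAMAGED $f: $size bytes, expected $ENVBLK_SIZE"
        return 1
    fi
    if [ "$(head -n 1 "$f")" != "$ENVBLK_SIG" ]; then
        echo "DAMAGED $f: signature line missing"
        return 1
    fi
    # Unused space is padded with '#'; a completely full block ends in a
    # newline, which command substitution strips to the empty string.
    case $(tail -c 1 "$f") in
        '#'|'') ;;
        *) echo "DAMAGED $f: unexpected trailing byte"; return 1 ;;
    esac
    echo "OK $f"
}

# helper_present DIR...
# Lists copies of the bootflag helper (both spellings used in the report)
# found in the given directories; returns 0 if any exist, 1 if none.
helper_present() {
    found=1
    for d in "$@"; do
        for n in grub2-set-bootflag grub-set-bootflag; do
            if [ -e "$d/$n" ]; then
                echo "PRESENT $d/$n"
                found=0
            fi
        done
    done
    return "$found"
}
```

Pass `check_grubenv` the system's grubenv path (commonly `/boot/grub2/grubenv`, an assumed location) before a planned reboot, and run `helper_present` over the sbin directories (for example `/usr/sbin`, also assumed) after each `grub2-tools-minimal` update if the mitigation above is in use.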

