Bug 2256827 (CVE-2024-1048) - CVE-2024-1048 grub2: grub2-set-bootflag can be abused by local (pseudo-)users
Summary: CVE-2024-1048 grub2: grub2-set-bootflag can be abused by local (pseudo-)users
Keywords:
Status: NEW
Alias: CVE-2024-1048
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2263036
Blocks: 2256826
TreeView+ depends on / blocked
 
Reported: 2024-01-04 16:07 UTC by Rohit Keshri
Modified: 2024-04-30 10:54 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:2456 0 None None None 2024-04-30 10:54:09 UTC

Description Rohit Keshri 2024-01-04 16:07:33 UTC 
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or out of free blocks.

Reference:
https://www.openwall.com/lists/oss-security/2024/02/06/3
Comment 3 Guilherme de Almeida Suckevicz 2024-02-06 17:23:24 UTC 
Created grub2 tracking bugs for this issue:

Affects: fedora-all [bug 2263036]
Comment 4 Marta Lewandowska 2024-03-25 08:29:36 UTC 
This is duplicating https://issues.redhat.com/browse/RHEL-20747 which is set to RELEASE PENDING. I believe this can be closed.
Comment 5 errata-xmlrpc 2024-04-30 10:54:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2456 https://access.redhat.com/errata/RHSA-2024:2456
Note You need to log in before you can comment on or make changes to this bug.