CVE-2008-3896
EPSS 0.14%
Description
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
How to fix CVE-2008-3896
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/grub—no fix listed
Is CVE-2008-3896 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0