pkg:Debian/grub2
71 total CVEsHIGH32MEDIUM35LOW1
✅ Check your installed version
All known vulnerabilities
- HIGH8.8CVE-2024-56737GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.from 0
- from 0, < 2.06-3~deb11u4
- from 0, < 2.06-3~deb10u3
- from 0, < 2.06-3~deb11u4
- from 0, < 2.06-3~deb10u2
- from 0, < 2.04-16
- from 0, < 2.04-16
- from 0, < 2.02+dfsg1-20+deb10u1
- from 0, < 2.04-9
- HIGH8.1CVE-2022-28733Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets…from 0, < 2.06-3~deb11u1
- from 0
- from 0
- from 0
- HIGH7.8CVE-2025-1125When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calcu…from 0
- HIGH7.8CVE-2025-0689When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal bu…from 0
- from 0, < 2.06-3~deb10u4
- from 0, < 2.06-3~deb11u6
- from 0, < 2.06-3~deb11u6
- HIGH7.8CVE-2022-28736There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems tha…from 0, < 2.06-3~deb11u1
- HIGH7.8CVE-2022-28735The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems.from 0, < 2.06-3~deb11u1
- from 0
- from 0, < 2.04-16
- from 0, < 2.04-16
- from 0, < 2.04-16
- from 0, < 2.02+dfsg1-20+deb10u4
- HIGH7.5CVE-2017-9763The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remot…from 0, < 2.02~beta2-8
- from 0, < 1.98+20100804-14+squeeze2
- from 0, < 2.02~beta2-33
- from 0, < 1.99-27+deb7u3
- HIGH7.1CVE-2022-3775When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained…from 0, < 2.06-3~deb11u4
- HIGH7.0CVE-2022-28734Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal dat…from 0, < 2.06-3~deb11u1
- HIGH7.0CVE-2021-3697A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap.from 0, < 2.06-3~deb11u1
- from 0
- from 0
- from 0
- MEDIUM6.7CVE-2024-45776When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer.from 0
- from 0
- MEDIUM6.7CVE-2024-2312GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks afte…from 0, < 2.12-2
- from 0, < 2.04-16
- from 0, < 2.04-16
- MEDIUM6.7CVE-2020-14309There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of U…from 0, < 2.04-9
- from 0
- from 0
- from 0
- from 0
- from 0
- MEDIUM6.4CVE-2020-14308In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size.from 0, < 2.04-9
- MEDIUM6.4CVE-2020-15707Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in D…from 0, < 2.04-9
- MEDIUM6.4CVE-2020-15706GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefi…from 0, < 2.04-9
- MEDIUM6.1CVE-2025-0690The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is…from 0
- from 0
- MEDIUM6.0CVE-2020-14311There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems.from 0, < 2.04-9
- MEDIUM6.0CVE-2020-14310There is an issue on grub2 before version 2.06 at function read_section_as_string().from 0, < 2.04-9
- MEDIUM5.9CVE-2025-4382A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption.from 0
- from 0
- MEDIUM5.3CVE-2024-56738GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.from 0
- MEDIUM5.2CVE-2024-45775A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argumen…from 0
- MEDIUM4.9CVE-2025-61664A vulnerability in the GRUB2 bootloader has been identified in the normal module.from 0
- MEDIUM4.9CVE-2025-61663A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk.from 0
- MEDIUM4.9CVE-2025-54771A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader).from 0
- MEDIUM4.9CVE-2025-54770A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk.from 0
- MEDIUM4.8CVE-2025-61661A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component.from 0
- from 0, < 2.06-3~deb11u6
- MEDIUM4.5CVE-2021-3696A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader.from 0, < 2.06-3~deb11u1
- MEDIUM4.5CVE-2021-3695A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area.from 0, < 2.06-3~deb11u1
- from 0
- from 0
- LOW3.3CVE-2021-3981A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non priv…from 0
- —CVE-2024-49504grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.from 0
- —CVE-2013-4577A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as de…from 0, < 2.00-20
- —CVE-2009-4128GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easie…from 0, < 1.97+20091115-1