Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-1048

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.

Published

2024-02-06T18:15:59.250

Last Modified

2024-11-21T08:49:40.727

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

Weaknesses

Type: Secondary
CWE-459
Type: Primary
CWE-459

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	grub2	-	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	fedoraproject	fedora	40	Yes

References

https://access.redhat.com/errata/RHSA-2024:2456 ([email protected])
https://access.redhat.com/errata/RHSA-2024:3184 ([email protected])
https://access.redhat.com/security/cve/CVE-2024-1048 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2256827 Issue Tracking, Vendor Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2024/02/06/3 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2024/02/06/3 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:2456 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:3184 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2024-1048 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2256827 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/XRZQCVZ3XOASVFT6XLO7F2ZXOLOHIJZQ/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/YSJAEGRR3XHMBBBKYOVMII4P34IXEYPE/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240223-0007/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2024/02/06/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)