Every CVE whose affected-product data names Gnu Grub2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (48)
CVE-2024-56737 — CVSS 8.8 (high): GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
CVE-2022-2601 — CVSS 8.6 (high): A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the…
CVE-2021-20233 — CVSS 8.2 (high): A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the…
CVE-2020-10713 — CVSS 8.2 (high): A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process…
CVE-2020-25632 — CVSS 8.2 (high): A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without…
CVE-2022-28734 — CVSS 8.1 (high): Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal…
CVE-2022-28733 — CVSS 8.1 (high): Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets(…
CVE-2025-61662 — CVSS 7.8 (high): A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext…
CVE-2025-1125 — CVSS 7.8 (high): When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to…
CVE-2025-0689 — CVSS 7.8 (high): When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal…
CVE-2025-0678 — CVSS 7.8 (high): A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the…
CVE-2024-45782 — CVSS 7.8 (high): A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy()…
CVE-2020-25647 — CVSS 7.6 (high): A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds…
CVE-2023-4692 — CVSS 7.5 (high): An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted…
CVE-2020-14372 — CVSS 7.5 (high): A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is…
CVE-2020-27779 — CVSS 7.5 (high): A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker…
CVE-2015-8370 — CVSS 7.4 (high): Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive…
CVE-2022-3775 — CVSS 7.1 (high): When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained…
CVE-2021-3697 — CVSS 7.0 (high): A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a…
CVE-2023-4001 — CVSS 6.8 (medium): An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file…
CVE-2024-45780 — CVSS 6.7 (medium): A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly…
CVE-2021-20225 — CVSS 6.7 (medium): A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer…
CVE-2020-14309 — CVSS 6.7 (medium): There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of…
CVE-2020-27749 — CVSS 6.7 (medium): A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their…
CVE-2022-28735 — CVSS 6.7 (medium): The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded…
CVE-2024-2312 — CVSS 6.7 (medium): GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks…
CVE-2024-45777 — CVSS 6.7 (medium): A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position()…
CVE-2022-28736 — CVSS 6.4 (medium): There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems…
CVE-2025-0686 — CVSS 6.4 (medium): A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled…
CVE-2020-14308 — CVSS 6.4 (medium): In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size…
CVE-2021-3418 — CVSS 6.4 (medium): If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature…
CVE-2025-0684 — CVSS 6.4 (medium): A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled…
CVE-2020-15705 — CVSS 6.4 (medium): GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems…
CVE-2025-0685 — CVSS 6.4 (medium): A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the…
CVE-2020-15706 — CVSS 6.4 (medium): GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by…
CVE-2024-45779 — CVSS 6.0 (medium): An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to…
CVE-2019-14865 — CVSS 5.9 (medium): A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example…
CVE-2020-15707 — CVSS 5.7 (medium): Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in…
CVE-2020-14311 — CVSS 5.7 (medium): There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an…
CVE-2020-14310 — CVSS 5.7 (medium): There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1…
CVE-2024-56738 — CVSS 5.3 (medium): GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
CVE-2023-4693 — CVSS 5.3 (medium): An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a…
CVE-2021-46705 — CVSS 5.1 (medium): A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local…
CVE-2021-3695 — CVSS 4.5 (medium): A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause…
CVE-2021-3696 — CVSS 4.5 (medium): A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap…
CVE-2024-45778 — CVSS 4.1 (medium): A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to…
CVE-2021-3981 — CVSS 3.3 (low): A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non…
CVE-2024-1048 — CVSS 3.3 (low): A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary…