CVE-2015-8370
Published: 11 December 2015
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
Priority
Status
Package | Release | Status |
---|---|---|
grub2 Launchpad, Ubuntu, Debian |
upstream |
Needed
|
precise |
Released
(1.99-21ubuntu3.19)
|
|
trusty |
Released
(2.02~beta2-9ubuntu1.6)
|
|
vivid |
Released
(2.02~beta2-22ubuntu1.4)
|
|
wily |
Released
(2.02~beta2-29ubuntu0.2)
|
|
Patches: distro: https://bugzilla.redhat.com/attachment.cgi?id=1100986&action=diff |