An IT safety alert replace for recognized vulnerabilities has been issued for Grub. You can learn the outline of the safety hole together with the most recent updates and details about the affected Linux and Windows working programs and merchandise right here.
Federal Office for Security in Information Technology (BSI) printed an replace on May 21, 2024 for the Grub safety vulnerability recognized on February 6, 2024. The safety vulnerability impacts Linux and Windows working programs and merchandise Amazon Linux 2, Red Hat Enterprise Linux, Fedora Linux and Open Source Grub.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability could be discovered right here: Red Hat Security Advisory RHSA-2024:3184 (From 22 May 2024). Some helpful assets are listed later on this article.
Grub security discover – Risk: low
Risk stage: 3 (low)
CVSS Base Score: 3.2
CVSS interim rating: 3.0
Remote assault: No
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in laptop programs. The CVSS customary makes it doable to check potential or precise safety dangers primarily based on numerous standards with a view to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For non permanent impact, body circumstances which will change over time are thought of within the take a look at. According to the CVSS, the present vulnerability menace is taken into account “low” with a base rating of three.2.
Grub Bug: A vulnerability allows a denial of service
Grand Unified Bootloader (Grub) is a free bootloader program from the GNU Project.
A neighborhood attacker might exploit a vulnerability in Grub to carry out a denial of service assault.
Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) ID quantity. CVE-2024-1048 on the market.
Systems affected by the Grub vulnerability at a look
Operating programs
Linux, Windows
Products
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Open supply Grub 2 (cpe:/a:gnu:grub)
General suggestions for coping with IT vulnerabilities
- Users of affected programs ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically comprises further details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
- If you have got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to often verify the required sources to see if a brand new safety replace is accessible.
Sources for updates, patches and workarounds
Here you will see some hyperlinks with details about bug studies, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3184 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2456 vom 2024-04-30 (29.04.2024)
For extra info, see:
Amazon Linux Security Advisory ALAS-2024-2499 vom 2024-03-19 (18.03.2024)
For extra info, see:
Fedora Security Advisory FEDORA-2024-097EB22907 vom 2024-02-22 (22.02.2024)
For extra info, see:
Fedora Security Advisory FEDORA-2024-C1FABEE30E vom 2024-02-22 (22.02.2024)
For extra info, see:
Red Hat Bugzilla dated 2024-02-06 (06.02.2024)
For extra info, see:
GitHub Advisory Database vom 2024-02-06 (06.02.2024)
For extra info, see:
Version historical past of this safety alert
This is model 5 of this Grub IT safety discover. This doc can be up to date as extra updates are introduced. You can see the adjustments made utilizing the model historical past under.
02/06/2024 – First model
02/22/2024 – New updates from Fedora added
March 18, 2024 – Added new updates from Amazon
April 29, 2024 – New updates from Red Hat have been added
May 21, 2024 – New updates from Red Hat added
+++ Editorial word: This doc is predicated on present BSI knowledge and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will see scorching information, present movies and a direct line to the editorial crew.
kns/roj/information.de