CVE-2023-4001
medium
CVSS v3
-
CVSS v4
-
VIR risk
5.5
Description
Moderate: grub2 security update
Predictions
Exploit likelihood
20%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Red Hat Errata (Red Hat Inc.) · Open-Errata-API
Description
grub2: bypass the GRUB password protection feature
CVSS v3: 6.8 (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 9 | grub2-1:2.06-70.el9_3.2 | RHSA-2024:0468 | 2024-01-25T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Extended Update Support | grub2-1:2.06-27.el9_0.16 | RHSA-2024:0437 | 2024-01-25T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Extended Update Support | grub2-1:2.06-61.el9_2.2 | RHSA-2024:0456 | 2024-01-25T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 8 | grub2 | Not affected |
Apply commands
Apply RHSA-2024:0468 for Red Hat Enterprise Linux 9
```
yum update -y grub2
# or:
dnf upgrade -y grub2
```
Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 8 | Not affected |
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | grub2-efi-aa64-modules-2.06-70.el9_3.2.alma.1.noarch.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 0 |
| sid | Fixed | 0 |
| forky | Fixed | 0 |
| bullseye | Fixed | 0 |
| bookworm | Fixed | 0 |
Red Hat Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |