{
  "threat_severity" : "Moderate",
  "public_date" : "2019-11-25T00:00:00Z",
  "bugzilla" : {
    "description" : "grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable",
    "id" : "1764925",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1764925"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-267",
  "details" : [ "A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.", "A flaw was found in the grub2-set-bootflag utility of grub2.  A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots." ],
  "statement" : "grub-set-bootflag is a command line to set bootflags in GRUB's stored environment. This is a downstream utility which is shipped with Red Hat Enterprise Linux 8 and Fedora. A flaw was found in this application which would could allow a local attacker (someone having a local account on the system) to cause grub configuration files to be truncated. Whenever the machine was rebooted, grub would fail to read the configuration files and the system would be rendered unbootable.",
  "acknowledgement" : "Red Hat would like to thank Tavis Ormandy for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-02-04T00:00:00Z",
    "advisory" : "RHSA-2020:0335",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "grub2-1:2.02-78.el8_1.1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-14865\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14865\nhttps://seclists.org/oss-sec/2019/q4/101" ],
  "name" : "CVE-2019-14865",
  "mitigation" : {
    "value" : "Remove the \"grub-set-bootflag\" from the system, by manually the deleting the binary file. Note: On subsequent updates of the \"grub2-tools-minimal\" rpm, the file will be re-installed.",
    "lang" : "en:us"
  },
  "csaw" : false
}