A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Gnu
  • Grub2
Redhat
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Tus

Configuration 1 [-]

AND
cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
grub2-1:2.02-78.el8_1.1 cpe:/o:redhat:enterprise_linux:8 RHSA-2020:0335 2020-02-04T00:00:00Z
References
Link Providers
http://www.openwall.com/lists/oss-security/2024/02/06/3 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0335 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14865 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-14865 cve-icon
https://seclists.org/oss-sec/2019/q4/101 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-14865 cve-icon
History

Tue, 29 Apr 2025 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server Tus
CPEs cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
Vendors & Products Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server Tus

Tue, 29 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-11-29T09:50:12.000Z

Updated: 2025-02-13T16:27:23.142Z

Reserved: 2019-08-10T00:00:00.000Z

Link: CVE-2019-14865

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-11-29T10:15:12.830

Modified: 2025-04-29T20:39:59.300

Link: CVE-2019-14865

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-11-25T00:00:00Z

Links: CVE-2019-14865 - Bugzilla