CVE-2021-46705

A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1190474 Exploit Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*

History

23 Mar 2023, 17:22

Type Values Removed Values Added
CVSS v2 : 2.1
v3 : 5.5
v2 : 2.1
v3 : 4.4

22 Mar 2022, 16:07

Type Values Removed Values Added
References (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1190474 - (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1190474 - Exploit, Issue Tracking, Vendor Advisory
First Time Gnu
Gnu grub2
Opensuse factory
Suse
Suse linux Enterprise Server
Opensuse
CVSS v2 : unknown
v3 : unknown
v2 : 2.1
v3 : 5.5
CPE cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:*:*:*:*
cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*

16 Mar 2022, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-16 10:15

Updated : 2023-12-10 14:22


NVD link : CVE-2021-46705

Mitre link : CVE-2021-46705

CVE.ORG link : CVE-2021-46705


JSON object : View

Products Affected

gnu

  • grub2

opensuse

  • factory

suse

  • linux_enterprise_server
CWE
CWE-377

Insecure Temporary File