CVE-2021-46705

A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.1 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
suseCNA
5.1 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
gnugrub2
𝑥
< 2.06-150400.7.1
gnugrub2
𝑥
< 2.06-18.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
grub2
bullseye (security)
2.06-3~deb11u6
fixed
bullseye
2.06-3~deb11u6
fixed
bookworm
2.06-13+deb12u1
fixed
bookworm (security)
2.06-13+deb12u1
fixed
sid
2.12-5
fixed
trixie
2.12-5
fixed
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=1190474
https://bugzilla.suse.com/show_bug.cgi?id=1190474