CVE-2021-46705

A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.1 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
gnugrub2
𝑥
< 2.06-150400.7.1
gnugrub2
𝑥
< 2.06-18.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
grub2
bookworm
2.06-13+deb12u1
fixed
bookworm (security)
2.06-13+deb12u1
fixed
bullseye
2.06-3~deb11u6
fixed
bullseye (security)
2.06-3~deb11u6
fixed
sid
2.12-5
fixed
trixie
2.12-5
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
grub2
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-arm64-efi
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-i386-pc
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-powerpc-ieee1275
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-s390x-emu
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-snapper-plugin
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-systemd-sleep-plugin
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-x86_64-efi
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=1190474
https://bugzilla.suse.com/show_bug.cgi?id=1190474