Vulnerabilities > CVE-2021-46705 - Insecure Temporary File vulnerability in GNU Grub2

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

LOW

local

low complexity

gnu

CWE-377

NVD

Published: 2022-03-16

Updated: 2023-03-23

Summary

A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Grub2 - GNU Grub2 1.98 GNU Grub2 1.99 GNU Grub2 2.00 GNU Grub2 2.01 GNU Grub2 2.02 GNU Grub2 2.04 GNU Grub2 2.06 GNU Grub2 2.06-18.1	9
Application	Opensuse Opensuse Factory -	1
OS	Suse Suse Linux Enterprise Server 15	1

Common Weakness Enumeration (CWE)

CWE-377 - Insecure Temporary File

References

https://bugzilla.suse.com/show_bug.cgi?id=1190474