grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
History

Thu, 19 Dec 2024 14:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important


Wed, 13 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Suse
Suse opensuse Tumbleweed
Weaknesses CWE-276
CPEs cpe:2.3:a:suse:opensuse_tumbleweed:*:*:*:*:*:*:*:*
Vendors & Products Suse
Suse opensuse Tumbleweed
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 13 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
Description grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
Title grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images
References
Metrics cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: suse

Published: 2024-11-13T14:44:23.659Z

Updated: 2024-11-13T18:32:06.515Z

Reserved: 2024-10-15T13:20:07.748Z

Link: CVE-2024-49504

cve-icon Vulnrichment

Updated: 2024-11-13T18:30:56.119Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-13T15:15:07.767

Modified: 2024-11-13T19:35:15.447

Link: CVE-2024-49504

cve-icon Redhat

Severity : Important

Publid Date: 2024-11-13T14:44:23Z

Links: CVE-2024-49504 - Bugzilla