{"schema_version": "1.3.1", "id": "RLSA-2021:2566", "modified": "2023-02-02T14:09:36.714018Z", "published": "2021-06-29T13:41:47Z", "related": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "summary": "Moderate: fwupd security update", "details": "The fwupd packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n* grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n* grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n* grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n* grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n* grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n* grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:8", "name": "fwupd", "purl": "pkg:rpm/rocky-linux/fwupd?distro=rocky-linux-8-4-legacy&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.5.9-1.el8_4"}], "database_specific": {"yum_repository": "BaseOS"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2021:2566"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873150"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879577"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886936"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899966"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900698"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924696"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926263"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}