What is CVE-2015-8370?

CVE-2015-8370 is a high-severity vulnerability in Gnu Grub2, classified under CWE-264. CVSS score: 7.4/10. Published 2015-12-16.

How severe is CVE-2015-8370?

High severity. CVSS v3 base score is 7.4 out of 10.

Is CVE-2015-8370 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Integer overflow in Gnu Grub2

CVE-2015-8370

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_use…

EPSS: 0.047 (89.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Gnu Grub2 — versions 1.98, 1.99, 2.00
Fedoraproject Fedora — versions 23
N/a — versions n/a

Weakness classification (CWE)

Public proof-of-concept exploits

integeruser/on-pwning

References

cve@mitre.org
openSUSE-SU-2015:2392 (vendor-advisory)
openSUSE-SU-2016:0036 (vendor-advisory)
cve@mitre.org (Exploit)
79358 (vdb-entry)
openSUSE-SU-2015:2375 (vendor-advisory)
1034422 (vdb-entry)
cve@mitre.org (Patch)
SUSE-SU-2015:2387 (vendor-advisory)
SUSE-SU-2015:2386 (vendor-advisory)

Frequently asked questions

What is CVE-2015-8370?: CVE-2015-8370 is a high-severity vulnerability in Gnu Grub2, classified under CWE-264. CVSS score: 7.4/10. Published 2015-12-16.
How severe is CVE-2015-8370?: High severity. CVSS v3 base score is 7.4 out of 10.
Is CVE-2015-8370 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.