Total vulnerabilities in the database
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
| Software | From | Fixed in |
|---|---|---|
| relax-and-recover / relax-and-recover | - | 2.7.x |
| suse / linux_enterprise | 15.0 | 15.0.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / enterprise_linux | 9.0 | 9.0.x |
| fedoraproject / fedora | 39 | 39.x |