CVE-2024-1048: 
Rocky Linux vulnerability analysis and mitigation

A vulnerability (CVE-2024-1048) was discovered in the grub2-set-bootflag utility of grub2. This flaw emerged after the fix of CVE-2019-14865, where grub2-set-bootflag creates a temporary file with new grubenv content and renames it to the original grubenv file. The vulnerability was discovered in February 2024 and affects various versions of grub2, particularly in Red Hat Enterprise Linux and Fedora distributions (OSS Security).

The vulnerability occurs when the program is killed before the rename operation, causing the temporary file to remain unremoved. This can be triggered through various methods, including RLIMIT_FSIZE triggering SIGXFSZ or through careful timing of signals. The issue has been assigned a CVSS v3.1 Base Score of 3.3 (Low) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L (Red Hat Advisory).

When exploited, this vulnerability can lead to filesystem resource exhaustion. Multiple invocations of the program can fill up the /boot partition (or root filesystem if /boot is not separate) with temporary files. Since these files are small, the filesystem is likely to run out of free inodes before running out of blocks, preventing the creation of new files while still allowing data addition to existing files (OSS Security).

Patches have been released to address this vulnerability in various distributions. Red Hat has released security updates RHSA-2024:2456 for RHEL 9 and RHSA-2024:3184 for RHEL 8. Fedora has also released updates (grub2-2.06-118.fc39 for Fedora 39 and grub2-2.06-116.fc38 for Fedora 38). The fixes include changes to prevent temporary file accumulation and RLIMIT_NPROC bypass (Red Hat Advisory, Fedora Update).