CVE-2015-8370 [High] | Integer Overflow in Grub2

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

EDB-ID	Source	Kind	Published	Link
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-09	5.05%	4.70%	-0.35%
2	2026-04-01	3.05%	5.05%	+2.00%
3	2026-02-26	—	3.05%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-05-09

5.05%

4.70%

-0.35%

2026-04-01

3.05%

5.05%

+2.00%

2026-02-26

—

3.05%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.4	3.1	HIGH	`CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.4	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0
6.9	2.0	MEDIUM	`AV:L/AC:M/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	3.4	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.4

3.1

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

1.4

5.9

134c704f-9b21-4f2e-91b3-4a467353bcc0

6.9

2.0

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

3.4

10.0

[email protected]

OS Trackers for CVE-2015-8370

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2015-8370 not yet assigned priority: Debian including 1 source packages (grub2), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2015-8370
`gentoo`	normal	CVE-2015-8370: 1 GLSA(s) (201512-03), 1 atom(s) (sys-boot/grub); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2015-8370
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2015-8370
`suse`	medium	CVE-2015-8370 severity moderate: SUSE including 448 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 532 product×package rows across 53 product lines (SUSE Liberty Linux 7, SUSE Linux Enterprise Desktop 11 SP3, … (53 product lines)): Fixed 375, Known Affected 157.	https://www.suse.com/security/cve/CVE-2015-8370/
`ubuntu`	medium	CVE-2015-8370 medium priority: Ubuntu including 1 source packages (grub2), 5 status rows across 5 suites (precise, trusty, upstream, vivid, wily): released 4, needed 1.	https://ubuntu.com/security/CVE-2015-8370

Affected software / configurations for CVE-2015-8370

Vendor	Product	Version	Raw CPE
gnu	grub2	1.98	cpe:2.3:a:gnu:grub2:1.98:::::::*
gnu	grub2	1.99	cpe:2.3:a:gnu:grub2:1.99:::::::*
gnu	grub2	2.00	cpe:2.3:a:gnu:grub2:2.00:::::::*
gnu	grub2	2.01	cpe:2.3:a:gnu:grub2:2.01:::::::*
gnu	grub2	2.02	cpe:2.3:a:gnu:grub2:2.02:::::::*
fedoraproject	fedora	23	cpe:2.3:o:fedoraproject:fedora:23:::::::*

References for CVE-2015-8370

URL	Tags
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html	Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html
http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html
http://rhn.redhat.com/errata/RHSA-2015-2623.html
http://seclists.org/fulldisclosure/2015/Dec/69
http://www.debian.org/security/2015/dsa-3421
http://www.openwall.com/lists/oss-security/2015/12/15/6
http://www.openwall.com/lists/oss-security/2024/01/15/3
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	Patch
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/archive/1/537115/100/0/threaded
http://www.securityfocus.com/bid/79358
http://www.securitytracker.com/id/1034422
http://www.ubuntu.com/usn/USN-2836-1
https://security.gentoo.org/glsa/201512-03

URL

CVE-2015-8370

Public exploit references (Exploit-DB) for CVE-2015-8370

Exploit prediction scoring system (EPSS) score for CVE-2015-8370

Common vulnerability scoring system (CVSS) metrics for CVE-2015-8370

Weakness enumeration for CVE-2015-8370

OS Trackers for CVE-2015-8370

Affected software / configurations for CVE-2015-8370

References for CVE-2015-8370