Authentication Bypass in Grub2 by GNU
CVE-2015-8370
Currently unrated
Summary
Multiple integer underflow vulnerabilities in Grub2, specifically in versions 1.98 through 2.02, can be exploited by local attackers. These vulnerabilities permit the bypassing of authentication mechanisms, potentially exposing sensitive information or leading to denial of service through methods such as disk corruption. The issues originate from improper handling of backspace characters within the grub_username_get and grub_password_get functions, leading to memory errors that can be leveraged by unauthorized users.
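The backspace handling described in the summary, as an added example: this is a simplified model written for this page, not GRUB's source. The names read_prompt, struct result, guard_backspace and BUF_SIZE are assumptions, and the model only records that the index wrapped instead of performing any out-of-range write.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16  /* constructed buffer size, not GRUB's */

struct result {
    unsigned cur_len;   /* index where the next character would be stored */
    int out_of_bounds;  /* set once cur_len has left [0, BUF_SIZE) */
    char buf[BUF_SIZE];
};

/* Model of a prompt reader. guard_backspace = 0 keeps the unchecked
 * decrement; guard_backspace = 1 ignores backspace on an empty buffer. */
struct result read_prompt(const char *keys, size_t n, int guard_backspace)
{
    struct result r;
    memset(&r, 0, sizeof r);
    for (size_t i = 0; i < n; i++) {
        char key = keys[i];
        if (key == '\n' || key == '\r')
            break;
        if (key == '\b') {
            if (guard_backspace && r.cur_len == 0)
                continue;          /* hardened: nothing to erase */
            r.cur_len--;           /* unsigned: 0 - 1 wraps to UINT_MAX */
            if (r.cur_len >= BUF_SIZE)
                r.out_of_bounds = 1;
            continue;
        }
        if (r.out_of_bounds)
            continue;              /* model only: skip the stray write */
        if (r.cur_len + 1 < BUF_SIZE)
            r.buf[r.cur_len++] = key;
    }
    if (!r.out_of_bounds)
        r.buf[r.cur_len] = '\0';
    return r;
}

int main(void)
{
    const char keys[] = "\b\broot\n";  /* constructed input */
    struct result v = read_prompt(keys, sizeof keys - 1, 0);
    struct result h = read_prompt(keys, sizeof keys - 1, 1);
    printf("unchecked: cur_len=%u oob=%d\n", v.cur_len, v.out_of_bounds);
    printf("guarded:   cur_len=%u buf=%s\n", h.cur_len, h.buf);
    return 0;
}
```

The guarded path is the check a reviewer should look for in any line editor that tracks length in an unsigned counter: test for zero before decrementing.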