Stack Buffer Overflow in Grub2 Affects Red Hat and Fedora Distributions
CVE-2020-27749

6.7MEDIUM

Key Information:

Vendor
Gnu
Status
Grub2
Vendor
CVE Published:
3 March 2021

Summary

A vulnerability present in Grub2 could allow attackers to exploit the variable name expansion in the command line, resulting in a stack buffer overflow. This flaw can lead to stack corruption and unauthorized control over the system's execution flow, potentially allowing attackers to bypass Secure Boot protections. Data confidentiality, integrity, and system availability could be severely compromised, posing significant risks to both users and organizations relying on affected products.

Affected Version(s)

grub2 grub 2.06

References

https://bugzilla.redhat.com/show_bug.cgi?id=1899966
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://security.gentoo.org/glsa/202104-05
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.