Stack Buffer Overflow in Grub2 Affects Red Hat and Fedora Distributions
CVE-2020-27749

6.7MEDIUM

Key Information:

Vendor: Gnu
Status: Grub2
Vendor: CVE Published:; 3 March 2021

What is CVE-2020-27749?

A vulnerability present in Grub2 could allow attackers to exploit the variable name expansion in the command line, resulting in a stack buffer overflow. This flaw can lead to stack corruption and unauthorized control over the system's execution flow, potentially allowing attackers to bypass Secure Boot protections. Data confidentiality, integrity, and system availability could be severely compromised, posing significant risks to both users and organizations relying on affected products.

Affected Version(s)

grub2 grub 2.06

References

https://bugzilla.redhat.com/show_bug.cgi?id=1899966

x_refsource_MISC

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://security.gentoo.org/glsa/202104-05

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2021
Vulnerability Reserved
Oct 27, 2020

Gnu

What is CVE-2020-27749?

Affected Version(s)

References

CVSS V3.1

Timeline