Heap Buffer Overflow in GRUB2 Affects Red Hat and Fedora
CVE-2021-20225

6.7MEDIUM

Key Information:

Vendor
Gnu
Status
Grub2
Vendor
CVE Published:
3 March 2021

Summary

A flaw exists in GRUB2 prior to version 2.06 that allows an attacker to exploit the option parser. By issuing commands with a large number of specific short-form options, an attacker can write beyond the bounds of a heap-allocated buffer. This vulnerability poses significant risks to data confidentiality and integrity, potentially impacting overall system availability.

Affected Version(s)

grub2 grub 2.06

References

https://bugzilla.redhat.com/show_bug.cgi?id=1924696
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://security.gentoo.org/glsa/202104-05
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.