Headline
CVE-2021-20225: Heap out-of-bounds write in short form option parser
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Description Marco Benatto 2021-02-03 13:26:08 UTC
The option parser in grub2 allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options.
Comment 3 Marco Benatto 2021-03-02 18:40:44 UTC
Created grub2 tracking bugs for this issue:
Affects: fedora-all [bug 1934251]
Comment 9 errata-xmlrpc 2021-03-02 20:09:41 UTC
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7.4 Advanced Update Support
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
Red Hat Enterprise Linux 7.4 Telco Extended Update Support
Via RHSA-2021:0702 https://access.redhat.com/errata/RHSA-2021:0702