CVE-2020-27749: A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable…

medium6.7CVSS 3.1

AVLACLPRHUINSUCHIHAH

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	grub2	< grub2 2.04-16 (bookworm)	grub2 2.04-16 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
gnu	grub2	< 2.06	2.06
gnu	grub2	—	—
gnu	grub2	>= 0 < 2.04-16	2.04-16
gnu	grub2	>= 0 < 2.04-16	2.04-16
gnu	grub2	>= 0 < 2.04-16	2.04-16
gnu	grub2	>= 0 < 2.04-16	2.04-16
msrc	cbl2_grub2_2.06rc1-7_on_cbl_mariner_2.0	—	—
msrc	cm1_grub2_2.06rc1-4_on_cbl_mariner_1.0	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—

CVSS provenance

nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

osv7.5HIGH