PT-2021-5815 · Grub2+10
Marco Benatto · Published 2021-02-08 · Updated 2026-02-26
CVE-2021-20233 · CVSS v3.1 8.2 (High)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
grub2 versions prior to 2.06
Description
A flaw was found in the menu rendering code of grub2, specifically in the setparam_prefix() function, which calculates the required buffer length on the assumption that expressing a quoted single quote needs 3 characters, while it actually needs 4. This allows an attacker to corrupt memory by one byte for each single quote in the input. The highest threat from this issue is to data confidentiality and integrity as well as system availability: exploitation may allow an attacker to access confidential data, compromise data integrity, and cause a denial of service.
Recommendations
For versions prior to 2.06, update to version 2.06 or later to resolve the issue. As a temporary workaround, consider restricting access to the setparam_prefix() function in the menu rendering code until a patch is available.
Fix
Memory Corruption
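The miscalculation the description refers to, next to its corrected form, as an added illustration in C that is not grub2's own code (function names, buffer layout and the sample input are assumptions): budgeting 3 bytes per single quote falls one byte short of the 4 bytes actually written for each one.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration of the length bug described on this page. This is NOT
 * grub2's code; function names and the buffer layout are assumptions. Inside a
 * single-quoted argument a literal ' is written as '\'' (close, backslash,
 * quote, reopen): 4 bytes, not 3. */

/* Bytes needed for " 'arg'" plus NUL, charging per_quote bytes for each '. */
static size_t quoted_len(const char *arg, size_t per_quote)
{
    size_t len = 3;                          /* space + two quotes */
    for (const char *p = arg; *p; p++)
        len += (*p == '\'') ? per_quote : 1;
    return len + 1;                          /* terminating NUL */
}
size_t quoted_len_vulnerable(const char *arg) { return quoted_len(arg, 3); }
size_t quoted_len_fixed(const char *arg)      { return quoted_len(arg, 4); }

/* True if k more bytes plus the final NUL still fit in a cap-byte buffer. */
static int room(size_t n, size_t k, size_t cap) { return n + k + 1 <= cap; }

/* Write " 'arg'" with each ' expanded to '\'' into out[cap].
 * Returns bytes written (excluding NUL), or 0 if cap is too small. */
size_t emit_quoted(const char *arg, char *out, size_t cap)
{
    size_t n = 0;
    if (!room(n, 2, cap)) return 0;
    out[n++] = ' ';
    out[n++] = '\'';
    for (const char *p = arg; *p; p++) {
        if (*p == '\'') {
            if (!room(n, 4, cap)) return 0;  /* 4 bytes, as actually emitted */
            memcpy(out + n, "'\\''", 4);
            n += 4;
        } else {
            if (!room(n, 1, cap)) return 0;
            out[n++] = *p;
        }
    }
    if (!room(n, 1, cap)) return 0;          /* the 3-byte budget fails here */
    out[n++] = '\'';
    out[n] = '\0';
    return n;
}
```

With the vulnerable budget the buffer is exactly one byte short per quote, so the bounds-checked writer refuses where the original would have written past the allocation.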
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Grub2