PT-2021-5817 · Grub2+10

Marco Benatto · Published 2021-02-03 · Updated 2026-02-26 · CVE-2021-20225

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

grub2 versions prior to 2.06

Description

A flaw was found in the option parser of grub2. An attacker can write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The flaw threatens data confidentiality and integrity as well as system availability: it can be exploited to gain access to confidential data, compromise data integrity, and cause a denial of service.

Recommendations

For versions prior to 2.06, update to version 2.06 or later to resolve the issue. As a temporary workaround, consider restricting the use of certain commands with short forms of options to minimize the risk of exploitation.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2021:1734
ALT-PU-2021-1969
ALT-PU-2021-3464
AZL-6465
AZL-78302
BDU:2022-00308
CESA-2021_0696
CESA-2021_1734
CESA-2021_2566
CVE-2021-20225
DSA-4867-1
MGASA-2021-0315
OESA-2021-1095
OPENSUSE-SU-2021:0462-1
OPENSUSE-SU-2021_0462-1
OPENSUSE-SU-2024:10824-1
RHSA-2021:0696
RHSA-2021:0697
RHSA-2021:0698
RHSA-2021:0699
RHSA-2021:0700
RHSA-2021:0701
RHSA-2021:0702
RHSA-2021:0703
RHSA-2021:0704
RHSA-2021:1734
RHSA-2021:2566
RHSA-2021:2790
RHSA-2021:3675
RHSA-2021_0696
RHSA-2021_0699
RHSA-2021_1734
RHSA-2021_2566
RLSA-2021:1734
RLSA-2021:2566
SUSE-SU-2021:0679-1
SUSE-SU-2021:0681-1
SUSE-SU-2021:0682-1
SUSE-SU-2021:0683-1
SUSE-SU-2021:0684-1
SUSE-SU-2021:0685-1
SUSE-SU-2021:14659-1
SUSE-SU-2021_14659-1
USN-4992-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Grub2