Bugzilla – Bug 1183135
VUL-0: CVE-2021-3408: grub2: heap out-of-bound write due to mis-calculation of space required for quoting
Last modified: 2021-10-26 11:30:57 UTC
rh#1927436 The grub2 menu rendering code miscalculate the memory amount to hold single-quoted strings. This lead to a out-of-bounds write in grub2's heap by one byte per quote in the input. This results to a 'write-what-where' scenario which an attacker may leverage to compromise heap integrity and possibly code execution, leading to Secure Boot circumvention. To an attack being successful deployed, the attacker needs to have high privileges into the targeted system and also triage the heap layout to successfully deploy a crafted payload. References: https://bugzilla.redhat.com/show_bug.cgi?id=1927436 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3408 https://access.redhat.com/security/cve/CVE-2021-3408
The bug was marked as duplication of CVE-2021-20233 [1], which we have done the backport from previous round of boothole2 security fixes ... - Fix CVE-2021-20233 (bsc#1182263) * 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch [1] https://bugzilla.redhat.com/show_bug.cgi?id=1927436#c4 Thanks.
marking as duplicate *** This bug has been marked as a duplicate of bug 1182263 ***