Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
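The bug class described above, as an added illustration (not GRUB's own code): on a 32-bit build the running sum of initrd component sizes is a 32-bit value, so an unchecked sum can wrap and the loader allocates a buffer far smaller than the data later copied into it. The function names below are hypothetical; the unchecked accumulator models the defect, and the checked one shows the range check that prevents it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Sizes are uint32_t to model a 32-bit build, where the sum of many
 * initrd component sizes can exceed the size type's range. */

/* Vulnerable pattern (illustrative, hypothetical helper): the total is
 * accumulated without a range check, so a sum above UINT32_MAX wraps
 * modulo 2^32 and the caller allocates a buffer far smaller than the
 * data that will later be copied into it. */
uint32_t initrd_total_unchecked(const uint32_t *sizes, size_t count)
{
    uint32_t total = 0;
    for (size_t i = 0; i < count; i++)
        total += sizes[i];            /* may silently wrap */
    return total;
}

/* Hardened pattern: every partial sum is checked before it is
 * performed. Returns false, and leaves *total untouched, as soon as
 * the next addition would overflow, so the caller never reaches the
 * allocation with a wrapped size. */
bool initrd_total_checked(const uint32_t *sizes, size_t count,
                          uint32_t *total)
{
    uint32_t acc = 0;
    for (size_t i = 0; i < count; i++) {
        if (sizes[i] > UINT32_MAX - acc)  /* acc + sizes[i] would exceed UINT32_MAX */
            return false;
        acc += sizes[i];
    }
    *total = acc;
    return true;
}

/* Allocation guarded by the checked sum: NULL means "refused", which a
 * loader should treat as a load failure rather than continue. The
 * caller owns and frees the returned buffer. */
void *initrd_alloc_checked(const uint32_t *sizes, size_t count)
{
    uint32_t total;
    if (!initrd_total_checked(sizes, count, &total))
        return NULL;
    return malloc(total);
}
```

With constructed sizes 0xFFFFFFF0 and 0x20 the unchecked total is 0x10, while the checked version refuses the sum outright.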
Vulnerable Product |
---|
gnu grub2 |
redhat enterprise linux atomic host - |
redhat openshift container platform 4.0 |
redhat enterprise linux 7.0 |
redhat enterprise linux 8.0 |
microsoft windows 10 - |
microsoft windows 10 1607 |
microsoft windows 10 1709 |
microsoft windows 10 1803 |
microsoft windows 10 1809 |
microsoft windows 10 1903 |
microsoft windows 10 1909 |
microsoft windows 10 2004 |
microsoft windows 8.1 - |
microsoft windows rt 8.1 - |
microsoft windows server 2012 - |
microsoft windows server 2012 r2 |
microsoft windows server 2016 - |
microsoft windows server 2016 1903 |
microsoft windows server 2016 1909 |
microsoft windows server 2016 2004 |
microsoft windows server 2019 - |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 20.04 |
debian debian linux 10.0 |
opensuse leap 15.1 |
opensuse leap 15.2 |
suse suse linux enterprise server 11 |
suse suse linux enterprise server 12 |
suse suse linux enterprise server 15 |
netapp active iq unified manager |