Heap Overflow in GRUB2 Squash4 Filesystem Module Enables Arbitrary Code Execution
A vulnerability exists in the squash4 filesystem module of GRUB2. When reading data from a squash4 filesystem, the module uses user-controlled parameters to calculate buffer sizes without properly checking for integer overflows. A maliciously crafted filesystem could cause a buffer size calculation to overflow, so that grub_malloc() is called with an unexpectedly small buffer size. The direct_read() function may then perform a heap-based out-of-bounds write while reading data. This flaw could allow an attacker to corrupt GRUB's critical internal data and potentially execute arbitrary code, bypassing Secure Boot protections.
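The bug class described above, as an added example that is not GRUB source code: a size computed from untrusted fields wraps to a small value, next to a checked version that rejects it. All names (`count`, `entry_size`, `read_entries`) are hypothetical, and the overflow checks assume the GCC/Clang `__builtin_*_overflow` builtins.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this is not GRUB source code.
 * count and entry_size stand for fields read from an untrusted image. */

/* Unchecked pattern: 32-bit arithmetic wraps silently modulo 2^32. */
static uint32_t unchecked_size(uint32_t count, uint32_t entry_size)
{
    return count * entry_size + 1u;
}

/* Checked pattern: 0 on success, -1 if the true size does not fit. */
static int checked_size(uint32_t count, uint32_t entry_size, uint32_t *out)
{
    uint32_t bytes;
    if (__builtin_mul_overflow(count, entry_size, &bytes))
        return -1;
    if (__builtin_add_overflow(bytes, 1u, out))
        return -1;
    return 0;
}

/* Hardened reader: validate the size before allocating, and bound the
 * copy by both the allocation and the bytes actually available. */
static void *read_entries(const uint8_t *src, size_t src_len,
                          uint32_t count, uint32_t entry_size,
                          uint32_t *out_len)
{
    uint32_t need;
    if (checked_size(count, entry_size, &need) != 0)
        return NULL;                      /* size arithmetic overflowed */
    if ((size_t)(need - 1u) > src_len)
        return NULL;                      /* image shorter than claimed */
    uint8_t *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, need - 1u);
    buf[need - 1u] = 0;                   /* the extra byte is a terminator */
    *out_len = need;
    return buf;
}

int main(void)
{
    uint8_t img[32] = {0};                /* constructed sample input */
    uint32_t len = 0;
    void *ok = read_entries(img, sizeof img, 4u, 8u, &len);
    void *bad = read_entries(img, sizeof img, 0x10000001u, 16u, &len);
    int rc = (ok && !bad && unchecked_size(0x10000001u, 16u) == 17u) ? 0 : 1;
    free(ok);
    return rc;
}
```

With `count = 0x10000001` and `entry_size = 16`, the unchecked calculation yields 17 bytes for a request that truly needs over 4 GiB, which is the mismatch that lets a later read write past the allocation.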

Vulnerable Product |
---|
Red Hat Enterprise Linux 7 |
Red Hat Enterprise Linux 8 |
Red Hat Enterprise Linux 9 |
Red Hat OpenShift Container Platform 4 |

Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders
By Bill Toulas, March 31, 2025 03:56 PM

Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. GRUB2 (GRand Unified Bootloader) is the default boot loader for most Linux distributions, including Ubuntu, while U-Boot and Barebox are commonly used in embedded and IoT devices. Microsoft discovered eleven vulnerabilities...