Описание
[REJECTED CVE] The grub2 menu rendering code miscalculate the memory amount to hold single-quoted strings. This lead to a out-of-bounds write in grub2's heap by one byte per quote in the input. This results to a 'write-what-where' scenario which an attacker may leverage to compromise heap integrity and possibly code execution, leading to Secure Boot circumvention. To an attack being successful deployed, the attacker needs to have high privileges into the targeted system and also triage the heap layout to successfully deploy a crafted payload.
Отчет
This flaw was found to be a duplicate of CVE-2021-20233. Please see https://access.redhat.com/security/cve/CVE-2021-20233 for information about affected products and security errata.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | grub2 | Under investigation | ||
| Red Hat Enterprise Linux 8 | grub2 | Under investigation |
Показывать по
Дополнительная информация
0 Low
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
0 Low
CVSS3