Описание
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
Отчет
Red Hat Product Security team has rated this vulnerability as Important, as an attacker that has access to the same network segment is able to exploit it once netboot is enabled in grub2.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | grub2 | Affected | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | grub2 | Fixed | RHSA-2025:3396 | 31.03.2025 |
| Red Hat Enterprise Linux 8 | grub2 | Fixed | RHSA-2025:3367 | 27.03.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | grub2 | Fixed | RHSA-2025:2784 | 13.03.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | grub2 | Fixed | RHSA-2025:2655 | 11.03.2025 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | grub2 | Fixed | RHSA-2025:2655 | 11.03.2025 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | grub2 | Fixed | RHSA-2025:2655 | 11.03.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | grub2 | Fixed | RHSA-2025:2653 | 11.03.2025 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | grub2 | Fixed | RHSA-2025:2653 | 11.03.2025 |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | grub2 | Fixed | RHSA-2025:2653 | 11.03.2025 |
Показывать по
Дополнительная информация
Статус:
7.6 High
CVSS3
Связанные уязвимости
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
A flaw was found in grub2. During the network boot process, when tryin ...
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
7.6 High
CVSS3