
Debian DSA-4867-1 Critical: Grub2 Security Risks Detected

Debian
March 2, 2021
Upgrade the grub2 packages in light of the security flaws reported in Debian's advisory DSA-4867-1, which fixes several significant vulnerabilities.
Several vulnerabilities have been discovered in the GRUB2 bootloader.

Summary

CVE-2020-14372

It was discovered that the acpi command allows a privileged user to
load crafted ACPI tables when Secure Boot is enabled.

CVE-2020-25632

A use-after-free vulnerability was found in the rmmod command.

CVE-2020-25647

An out-of-bounds write vulnerability was found in the
grub_usb_device_initialize() function, which is called to handle USB
device initialization.

CVE-2020-27749

A stack buffer overflow flaw was found in grub_parser_split_cmdline.

CVE-2020-27779

It was discovered that the cutmem command allows a privileged user
to remove memory regions when Secure Boot is enabled.

CVE-2021-20225

A heap out-of-bounds write vulnerability was found in the short-form
option parser.

CVE-2021-20233

A heap out-of-bounds write flaw was found, caused by a miscalculation
of the space required for quoting in the menu rendering.

Further detailed information can be found at

For the stable distribution (buster), these problems have been fixed in
version 2.02+dfsg1-20...


Severity: critical

Package: grub2
CVE ID: CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749
