← Back

CVE-2020-27749

nvd nist
Published: Mar 3, 2021Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected (20)

Show all products
Gnu: Grub2 · Redhat: Enterprise Linux, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Server Tus, Enterprise Linux Workstation · Fedoraproject: Fedora · Netapp: Ontap Select Deploy Administration Utility
Gnu
1 product
Grub2
Redhat
5 products
Enterprise Linux
Enterprise Linux Server Aus
Enterprise Linux Server Eus
Enterprise Linux Server Tus
Enterprise Linux Workstation
Fedoraproject
1 product
Fedora
Netapp
1 product
Ontap Select Deploy Administration Utility
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Grub2
Before 2.06
Configuration B
16 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 7.0
Enterprise Linux
Version 8.0
Redhat
Enterprise Linux Server Aus
Version 7.2
Enterprise Linux Server Aus
Version 7.3
Enterprise Linux Server Aus
Version 7.4
Enterprise Linux Server Aus
Version 7.6
Enterprise Linux Server Aus
Version 7.7
Enterprise Linux Server Aus
Version 8.2
Redhat
Enterprise Linux Server Eus
Version 7.6
Enterprise Linux Server Eus
Version 7.7
Enterprise Linux Server Eus
Version 8.1
Redhat
Enterprise Linux Server Tus
Version 7.4
Enterprise Linux Server Tus
Version 7.6
Enterprise Linux Server Tus
Version 7.7
Enterprise Linux Server Tus
Version 8.2
Enterprise Linux Workstation
Version 7.0
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 33
Fedora
Version 34
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Ontap Select Deploy Administration Utility
All versions

Related CWEs

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.