IronMonkey Threat Research

CVE-2021-20225 HIGH

Published: 2021-03-03 | Last Modified: 2024-11-21 | Status: Modified

Description

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Additional Descriptions (1)

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.

CVSS Metrics

Base Score: 6.7 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 0.8

Impact Score: 5.9

Base Score: 7.2 (HIGH)

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 10.0

Weaknesses

Source Type Description
[email protected] Secondary CWE-787
[email protected] Primary CWE-787

Affected Products

Vendor Product Version Update Type
gnu grub2 * * Application
redhat enterprise_linux 7.0 * Operating System
redhat enterprise_linux 8.0 * Operating System
redhat enterprise_linux_server_aus 7.2 * Operating System
redhat enterprise_linux_server_aus 7.3 * Operating System
redhat enterprise_linux_server_aus 7.4 * Operating System
redhat enterprise_linux_server_aus 7.6 * Operating System
redhat enterprise_linux_server_aus 7.7 * Operating System
redhat enterprise_linux_server_aus 8.2 * Operating System
redhat enterprise_linux_server_eus 7.6 * Operating System
redhat enterprise_linux_server_eus 7.7 * Operating System
redhat enterprise_linux_server_eus 8.1 * Operating System
redhat enterprise_linux_server_tus 7.4 * Operating System
redhat enterprise_linux_server_tus 7.6 * Operating System
redhat enterprise_linux_server_tus 7.7 * Operating System
redhat enterprise_linux_server_tus 8.2 * Operating System
redhat enterprise_linux_workstation 7.0 * Operating System
fedoraproject fedora 33 * Operating System
fedoraproject fedora 34 * Operating System
netapp ontap_select_deploy_administration_utility - * Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_eus:8.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*