CVE-2020-27749

NameCVE-2020-27749
DescriptionA flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-4867-1
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
grub2 (PTS)stretch2.02~beta3-5+deb9u2vulnerable
buster, buster (security)2.02+dfsg1-20+deb10u4fixed
bullseye2.04-17fixed
sid2.04-18fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
grub2sourcebuster2.02+dfsg1-20+deb10u4DSA-4867-1
grub2source(unstable)2.04-16

Notes

[stretch] - grub2 <ignored> (No SecureBoot support in stretch)

Search for package or bug name: Reporting problems