A flaw was found in grub2 in versions prior to 2.06. During USB device initialization descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

🗓️ 11 Mar 2021 08:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 1 Views

Grub2 before 2.06 allows corruption and code execution via USB descriptors bypassing Secure Boot.

Reporter	Title	Published	Views	Family All 214
Tenable Nessus	Amazon Linux 2 : grub2 (ALAS-2021-1684)	16 Jul 202100:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0026: grub2 (ALINUX3-SA-2021:0026)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0048: fwupd (ALINUX3-SA-2021:0048)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : grub2 (ALSA-2021:0696)	9 Feb 202200:00	–	nessus
Tenable Nessus	AlmaLinux 8 : shim (ALSA-2021:1734)	9 Feb 202200:00	–	nessus
Tenable Nessus	AlmaLinux 8 : fwupd (ALSA-2021:2566)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : grub2 (CESA-2021:0696)	3 Mar 202100:00	–	nessus
Tenable Nessus	CentOS 8 : fwupd (CESA-2021:2566)	3 Jul 202100:00	–	nessus
Tenable Nessus	CentOS 9 : shim-unsigned-x64-15.6-1.el9	29 Feb 202400:00	–	nessus
Tenable Nessus	CentOS 7 : grub2 (RHSA-2021:0699)	9 Oct 202400:00	–	nessus

Vulners

Node

microsoft cbl2_grub2_2.06~rc1-7Range<2.06~rc1-7

OR

microsoft cm1_grub2_2.06~rc1-4Range<-

16 Dec 2021 08:00Current

8.2High risk

Vulners AI Score8.2

CVSS 27.2

CVSS 3.17.6

EPSS0.00794

grub vulnerability secure boot bypass memory corruption arbitrary code execution universal serial bus descriptors