A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

🗓️ 11 Mar 2021 08:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 2 Views

Grub2 before 2.06 has a Setparam_prefix quote length bug enabling memory corruption per quote.

Reporter	Title	Published	Views	Family All 224
Tenable Nessus	Amazon Linux 2 : grub2 (ALAS-2021-1684)	16 Jul 202100:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0026: grub2 (ALINUX3-SA-2021:0026)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0048: fwupd (ALINUX3-SA-2021:0048)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : grub2 (ALSA-2021:0696)	9 Feb 202200:00	–	nessus
Tenable Nessus	AlmaLinux 8 : shim (ALSA-2021:1734)	9 Feb 202200:00	–	nessus
Tenable Nessus	AlmaLinux 8 : fwupd (ALSA-2021:2566)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : grub2 (CESA-2021:0696)	3 Mar 202100:00	–	nessus
Tenable Nessus	CentOS 8 : fwupd (CESA-2021:2566)	3 Jul 202100:00	–	nessus
Tenable Nessus	CentOS 9 : shim-unsigned-x64-15.6-1.el9	29 Feb 202400:00	–	nessus
Tenable Nessus	CentOS 7 : grub2 (RHSA-2021:0699)	9 Oct 202400:00	–	nessus

Vulners

Node

microsoft azl3_grub2_2.06-26Range<2.06-26

OR

microsoft cbl2_grub2_2.06~rc1-7Range<2.06~rc1-7

26 Feb 2026 09:01Current

8.2High risk

Vulners AI Score8.2

CVSS 27.2

CVSS 3.18.2

EPSS0.00286

grub memory corruption setparam prefix bug quote length error pre 2.06 vulnerability data confidentiality integrity system availability