Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017480)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017480 advisory. A flaw was found in grub2 in versions prior to 2.06. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quot...

SUSE CVE-2026-31470

In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fix handling of host controlled 'quote' buffer length Validate host controlled value quotebuf-outlen that determines how many bytes of the quote are copied out to guest userspace. In TDX environments with remote...

CVE-2026-31470

CVE-2026-31470 concerns the Linux kernel TDX guest path, specifically the virt: tdx-guest component. Multiple connected sources confirm a fix for handling of the host-controlled quote buffer length, where the host can set quote_buf->out_len to influence how many bytes of the quote are copied t...

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

DEBIAN-CVE-2021-20233

A flaw was found in grub2 in versions prior to 2.06. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one...

AZL-6466 CVE-2021-20233 affecting package grub2 for versions less than 2.06~rc1-7

A flaw was found in grub2 in versions prior to 2.06. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one...

grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

A flaw was found in grub2. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in th...

UBUNTU-CVE-2021-20233

A flaw was found in grub2 in versions prior to 2.06. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one...