Ubuntu.comUB:CVE-2021-20233CVE-2021-20233
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in
the menu rendering code performs a length calculation on the assumption
that expressing a quoted single quote will require 3 characters, while it
actually requires 4 characters which allows an attacker to corrupt memory
by one byte for each quote in the input. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system
availability.
Notes
| Author | Note |
|---|---|
| sbeattie | grub2-unsigned will contain fixes and supersede grub2, which will contain only BIOS grub bits. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | grub2-signed | < 1.167~18.04.5 | UNKNOWN |
| ubuntu | 20.04 | noarch | grub2-signed | < 1.167.2 | UNKNOWN |
| ubuntu | 20.10 | noarch | grub2-signed | < 1.167.2 | UNKNOWN |
| ubuntu | 21.04 | noarch | grub2-signed | < 1.164 | UNKNOWN |
| ubuntu | 21.10 | noarch | grub2-signed | < 1.169 | UNKNOWN |
| ubuntu | 14.04 | noarch | grub2-signed | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | grub2-signed | < 1.164 | UNKNOWN |
| ubuntu | 18.04 | noarch | grub2-unsigned | < 2.04-1ubuntu44.1.2 | UNKNOWN |
| ubuntu | 20.04 | noarch | grub2-unsigned | < 2.04-1ubuntu44.2 | UNKNOWN |
| ubuntu | 20.10 | noarch | grub2-unsigned | < 2.04-1ubuntu44.2 | UNKNOWN |
Related
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%