CVE-2020-27749
MEDIUM
GRUB2 < 2.06 - Stack-based Buffer Overflow via Variable Name Expansion
Title source: llm
Description
A flaw was found in grub2 in versions prior to 2.06. Variable names present in the supplied command line are expanded into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame, and control execution, which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References (4)
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1899966
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202104-05
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220325-0001/
Scores
CVSS v3
6.7
EPSS
0.0006
EPSS Percentile
18.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-121
CWE-787
Status
published
Products (20)
fedoraproject/fedora
33
fedoraproject/fedora
34
gnu/grub2
< 2.06
netapp/ontap_select_deploy_administration_utility
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
redhat/enterprise_linux_server_aus
7.2
redhat/enterprise_linux_server_aus
7.3
redhat/enterprise_linux_server_aus
7.4
redhat/enterprise_linux_server_aus
7.6
... and 10 more
Published
Mar 03, 2021
Tracked Since
Feb 18, 2026