Launchpad.net

CVE 2021-20233

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Related bugs and status

CVE-2021-20233 (Candidate) is related to these bugs:

Bug #1915536: one grub

		In	Importance	Status
1915536	one grub	grub2 (Ubuntu)	Undecided	Fix Released
1915536	one grub	grub2-signed (Ubuntu)	Undecided	Fix Released
1915536	one grub	grub2 (Ubuntu Groovy)	Undecided	Fix Released
1915536	one grub	grub2-signed (Ubuntu Groovy)	Undecided	Fix Released
1915536	one grub	grub2 (Ubuntu Xenial)	Undecided	Fix Released
1915536	one grub	grub2-signed (Ubuntu Xenial)	Undecided	Fix Released
1915536	one grub	grub2 (Ubuntu Focal)	Undecided	Fix Released
1915536	one grub	grub2-signed (Ubuntu Focal)	Undecided	Fix Released
1915536	one grub	grub2 (Ubuntu Bionic)	Undecided	Fix Released
1915536	one grub	grub2-signed (Ubuntu Bionic)	Undecided	Fix Released
1915536	one grub	grub2 (Ubuntu Hirsute)	Undecided	Fix Released
1915536	one grub	grub2-signed (Ubuntu Hirsute)	Undecided	Fix Released
1915536	one grub	grub2-unsigned (Ubuntu)	Undecided	Fix Released
1915536	one grub	grub2-unsigned (Ubuntu Bionic)	Undecided	Fix Released
1915536	one grub	grub2-unsigned (Ubuntu Focal)	Undecided	Fix Released
1915536	one grub	grub2-unsigned (Ubuntu Groovy)	Undecided	Fix Released
1915536	one grub	grub2-unsigned (Ubuntu Hirsute)	Undecided	Fix Released
1915536	one grub	grub2-unsigned (Ubuntu Xenial)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2021-20233

Related bugs and status

Related bugs

References