漏洞标题
GRUB2在处理initrd命令时存在整数溢出,导致基于堆的缓冲区溢出。
漏洞描述信息
GRUB2 在处理 initrd 命令时存在整数溢出,导致基于堆的缓冲区溢出。
CVSS信息
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.
漏洞描述信息
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
CVSS信息
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
漏洞类别
使用共享资源的并发执行不恰当同步问题(竞争条件)
漏洞标题
grub2 输入验证错误漏洞
漏洞描述信息
grub2是GNU社区的一款Linux系统引导程序。 GRUB2 2.04及之前版本中的efilinux组件的‘grub_cmd_initrd’和‘grub_initrd_init’函数存在输入验证错误漏洞。攻击者可利用该漏洞执行任意代码并绕过UEFI安全启动限制。
CVSS信息
N/A
漏洞类别
输入验证错误