Bug 1927436 (CVE-2021-3408) - CVE-2021-3408 grub2: heap out-of-bound write due to mis-calculation of space required for quoting
Keywords:
Status: CLOSED DUPLICATE of bug 1926263
Alias: CVE-2021-3408
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1899965 1944614
Reported: 2021-02-10 17:37 UTC by Marco Benatto
Modified: 2022-08-22 07:36 UTC

Fixed In Version:
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-23 11:10:35 UTC
Embargoed:



Description Marco Benatto 2021-02-10 17:37:15 UTC
The grub2 menu rendering code miscalculates the amount of memory needed to hold single-quoted strings. This leads to an out-of-bounds write in grub2's heap by one byte per quote in the input. This results in a 'write-what-where' scenario which an attacker may leverage to compromise heap integrity and possibly achieve code execution, leading to Secure Boot circumvention. For an attack to be successfully deployed, the attacker needs to have high privileges on the targeted system and also triage the heap layout to successfully deploy a crafted payload.
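
Added example, not code from grub2 or from this report: a simplified C model of the kind of miscount the description refers to, assuming shell-style quoting in which each embedded `'` is emitted as the four bytes `'\''` while the flawed estimate budgets only three. All function names are hypothetical, and the writer is bounds-checked so an undersized buffer is rejected rather than overrun.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; a simplified model, not grub2 source. */
static size_t est_len(const char *s, size_t per_quote)
{
    size_t n = 2;                       /* opening + closing quote */
    for (; *s; s++) n += (*s == '\'') ? per_quote : 1;
    return n;
}
/* Assumption: flawed estimate budgets 3 bytes per quote; the writer emits 4. */
size_t est_len_flawed(const char *s)  { return est_len(s, 3); }
size_t est_len_correct(const char *s) { return est_len(s, 4); }

/* Append one byte only if room remains for it and the final NUL. */
static int put(char *out, size_t cap, size_t *o, char c)
{
    if (*o + 1 >= cap) return -1;
    out[(*o)++] = c;
    return 0;
}

/* Bounds-checked quoting: returns bytes written (without NUL), or -1
   when cap is too small, instead of writing past the allocation. */
long quote_checked(const char *s, char *out, size_t cap)
{
    size_t o = 0;
    if (put(out, cap, &o, '\'')) return -1;
    for (; *s; s++) {
        const char *e = (*s == '\'') ? "'\\''" : NULL;
        if (!e) { if (put(out, cap, &o, *s)) return -1; continue; }
        for (; *e; e++) if (put(out, cap, &o, *e)) return -1;
    }
    if (put(out, cap, &o, '\'')) return -1;
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    const char *in = "it's a 'test'";   /* constructed sample input */
    char buf[64];
    printf("flawed=%zu correct=%zu written=%ld\n", est_len_flawed(in),
           est_len_correct(in), quote_checked(in, buf, sizeof buf));
    return 0;
}
```

The gap between the two estimates equals the number of quotes in the input, which matches the "one byte per quote" overrun in the description.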

Comment 2 Marian Rehak 2021-02-23 11:10:35 UTC

*** This bug has been marked as a duplicate of bug 1926263 ***

Comment 3 Salvatore Bonaccorso 2021-03-03 08:07:19 UTC
Should this CVE be rejected (and alias removed from here) as duplicate of CVE-2021-20233?

Comment 4 Marco Benatto 2021-03-03 15:22:46 UTC
In reply to comment #3:
> Should this CVE be rejected (and alias removed from here) as duplicate of
> CVE-2021-20233?

Hello,

Yes, this has been closed as a duplicate of CVE-2021-20233 and won't be reported to Mitre.
Please consider CVE-2021-20233 as reported at https://www.mail-archive.com/grub-devel@gnu.org/msg31641.html

Let me know if you have any doubts or concerns.

