exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

CVE-2020-27749

Status Candidate

Overview

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Related Files

Red Hat Security Advisory 2021-3675-01
Posted Sep 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3675-01 - The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | ad9ce160c59df30cf9941c0697bd6c9340ed669c6ce5bb9d5b843c8b6fea9592
Red Hat Security Advisory 2021-2790-01
Posted Jul 21, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2790-01 - The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | be86abea103ec8d84e6360a6a41a211ab4c23cd15a420ca6d9cd3a53deafd4cd
Red Hat Security Advisory 2021-2566-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2566-01 - The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | d91cff7001af0e07e7cf5129e732ca530ae27f982e1b58ec9ae8ca90219abcb6
Ubuntu Security Notice USN-4992-1
Posted Jun 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4992-1 - Máté Kukri discovered that the acpi command in GRUB 2 allowed privileged users to load crafted ACPI tables when secure boot is enabled. An attacker could use this to bypass UEFI Secure Boot restrictions. Chris Coulson discovered that the rmmod command in GRUB 2 contained a use- after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Chris Coulson discovered that a buffer overflow existed in the command line parser in GRUB 2. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | 1f9aec408e5162b86a8b71d82cc6be6d6601a5a4992dbb961c31198f605ea5bf
Red Hat Security Advisory 2021-1734-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1734-01 - The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | dcedb24de00b5d9719c9c7f64315132bbca8814439dcc86339e598a30b79e84d
Gentoo Linux Security Advisory 202104-05
Posted May 3, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202104-5 - Multiple vulnerabilities have been found in GRUB, the worst might allow for circumvention of UEFI Secure Boot. Versions less than 2.06_rc1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-14372, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | 299d3aa5f1947d880973d356a72e943ce929b133f553e466d411763947ccd7a7
Debian Security Advisory 4867-1
Posted Mar 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4867-1 - Several vulnerabilities have been discovered in the GRUB2 bootloader.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | 537768c2310ba33e047d7788f7bdfd32c9b759d9df6d5d342d3e6d4c2a7fbb7b
Red Hat Security Advisory 2021-0701-01
Posted Mar 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0701-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | bac0e92d73c36ca3861a3c9399a30d7aaf20d451fca4508e2b74c05557dc85c8
Red Hat Security Advisory 2021-0700-01
Posted Mar 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0700-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | 95f6799f3865d5bad4d8983da0f149e24f1818f7a07b6b5675aa9ffd8e85b755
Red Hat Security Advisory 2021-0699-01
Posted Mar 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0699-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | 19c5d790135e6203b4d888f24f31d990697fa010b67917ee52553867a9fd8769
Red Hat Security Advisory 2021-0702-01
Posted Mar 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0702-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | b89eaa9a649bc2e88c2dd6ccb4800e755b153e83fbfec296a19dd3a55d6e0758
Red Hat Security Advisory 2021-0704-01
Posted Mar 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0704-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | b113d76400fe7779f8b0542b343841a779633f1d176f1fbd17bb38562705fb7a
Red Hat Security Advisory 2021-0703-01
Posted Mar 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0703-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | 565349d97f4c7d6f020ce8277fa102be10cdb1b69423f993945911b8b173ac7e
Red Hat Security Advisory 2021-0697-01
Posted Mar 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0697-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | 8009ba95cc600ab848b744c692618dc965eb7815bf42b86fe4d07eaaf0af6038
Red Hat Security Advisory 2021-0696-01
Posted Mar 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0696-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | 2e66e3236da9504ddcad3f4c157fe5db026918d81fdb70cf40f9824107cc59ab
Red Hat Security Advisory 2021-0698-01
Posted Mar 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0698-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
SHA-256 | b277f93a116582f9d206ea0acef392eb08f682040a8424264be5ee53d301f801
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close