GNU GRUB2 BFS File System Driver Integer Overflow Vulnerability Leading to Heap Out-of-Bounds Read

A vulnerability exists in the BFS file system driver of GNU GRUB2, where an integer overflow can occur when the software reads files with an indirect extent map. This flaw arises because GRUB2 does not properly validate the number of extent entries before reading them. As a result, a crafted or corrupted BFS file system can cause the integer overflow, leading to a heap-based out-of-bounds read. This vulnerability may allow sensitive data to be leaked or cause GRUB2 to crash.

Impact

Exploitation of this vulnerability can result in a heap-based out-of-bounds read, potentially leaking sensitive data or causing GRUB2 to crash.

Reproduction

To reproduce this vulnerability, a user must run GRUB2 with a specially crafted BFS file system image that includes an indirect extent map. The absence of proper validation for extent entries allows the integer overflow to occur during the file reading process.

Remediation

Users are advised not to run GRUB2 in untrusted environments with BFS file system images.