GNU GRUB2 Integer Overflow Vulnerability in TAR File Handling Allows Secure Boot Bypass

Vulnerability

A vulnerability exists in GNU GRUB2 in the way it processes TAR files. When GRUB2 allocates a buffer for a file name, the size it computes for that allocation is not checked for integer overflow. A specially crafted TAR file can therefore make the computed size wrap around, so the allocated buffer is smaller than the data subsequently written into it, resulting in a heap-based out-of-bounds write. As a result, an attacker could potentially bypass Secure Boot protections. This vulnerability affects GRUB2 versions prior to the patched release in February 2025.
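The allocation-size pattern described above, shown as an added illustration rather than GRUB2's own code: a hypothetical TAR name-length handler in its unchecked form beside an overflow-checked form, with sizes modelled as 32-bit to mirror a 32-bit firmware build (the names, the 32-bit width and the helper signatures are assumptions for this example).

```c
/* Added example, not GRUB2 source: why an unchecked "len + 1" before
 * allocating a TAR file-name buffer is dangerous, and the checked form.
 * Sizes are modelled as 32-bit to mirror a 32-bit firmware build. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* TAR header size fields are ASCII octal, NUL or space terminated,
 * at most 12 bytes wide. Hypothetical helper for this example. */
uint64_t parse_tar_octal(const char *field, size_t n) {
    uint64_t v = 0;
    for (size_t i = 0; i < n && field[i] != '\0' && field[i] != ' '; i++) {
        if (field[i] < '0' || field[i] > '7')
            break;                      /* stop at the first non-octal byte */
        v = (v << 3) | (uint64_t)(field[i] - '0');
    }
    return v;
}

/* Vulnerable pattern: the caller requests name_len + 1 bytes (room for a
 * NUL terminator) without checking for wrap-around, then copies name_len
 * bytes into that buffer. Returns the byte count handed to the allocator;
 * for name_len == 0xFFFFFFFF it is 0, so the later copy runs off the end. */
uint32_t unchecked_name_alloc_size(uint32_t name_len) {
    return name_len + 1;                /* 0xFFFFFFFF + 1 wraps to 0 */
}

/* Hardened pattern: refuse the entry if the arithmetic wraps or if the
 * claimed name is longer than the bytes left in the archive. Returns the
 * size to allocate, or 0 (never a valid size here) when the entry must be
 * rejected. */
uint32_t checked_name_alloc_size(uint32_t name_len, uint32_t bytes_left) {
    uint32_t total;
    if (__builtin_add_overflow(name_len, 1u, &total))
        return 0;                       /* wrap-around: reject the entry */
    if (name_len > bytes_left)
        return 0;                       /* name cannot exceed archive data */
    return total;
}
```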

Impact

Exploitation of this vulnerability leads to a heap out-of-bounds write, allowing for memory corruption that can be leveraged to bypass Secure Boot protections.

Reproduction

To reproduce this vulnerability, a crafted TAR file that triggers the integer overflow in GRUB2's TAR file handling must be processed by a GRUB2 environment that is not under lockdown. The vulnerability has been patched in the official GRUB2 repository, and the fix will be available through major Linux distributions.

Remediation

Users should update to the latest version of GRUB2, which includes the necessary patches. After updating, ensure that the SHIM bootloader is also updated to the latest version, as this vulnerability can be exploited to bypass Secure Boot protections.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 4.8
remediation: 7.9
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.