Red Hat Grub2 UFS Module Symlink Handling Vulnerability Leading to Heap Corruption and Arbitrary Code Execution

Vulnerability

A vulnerability exists in the Grub2 bootloader, specifically in the UFS module's symlink handling. The module does not properly validate the size of symlink data, which allows an integer overflow. The overflow can lead to a heap-based out-of-bounds write, in which the grub_ufs_lookup_symlink() function writes beyond the allocated buffer. The flaw can be exploited by creating a malicious filesystem, potentially corrupting heap data and enabling arbitrary code execution. The executed code could be used to bypass Secure Boot protections.
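The size-validation failure described above, as an added illustration that is not GRUB's code or Red Hat's patch: it contrasts an unchecked allocation-size computation with a checked one for a length read from an untrusted filesystem. The function names, the extra terminator byte and the SYMLINK_MAX_LEN bound are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical upper bound on a symlink target; not a value taken from GRUB. */
#define SYMLINK_MAX_LEN 4096u

/* Unchecked pattern: adding one byte for a terminator (assumed) wraps when
   the on-disk size is the maximum value, so the buffer would be allocated
   far smaller than the data later copied into it. */
static uint64_t unchecked_alloc_size(uint64_t disk_size)
{
    return disk_size + 1;               /* wraps to 0 for UINT64_MAX */
}

/* Checked pattern: reject any size above the bound, and any size whose
   "+1" cannot be represented in size_t. The second test is implied by the
   first here, but it is the general form when no small bound exists.
   Returns 0 and sets *out on success, -1 when the size is rejected. */
static int checked_alloc_size(uint64_t disk_size, size_t *out)
{
    if (disk_size > SYMLINK_MAX_LEN)
        return -1;
    if (disk_size >= SIZE_MAX)
        return -1;
    *out = (size_t)disk_size + 1;
    return 0;
}

int main(void)
{
    /* Constructed sample sizes, standing in for an untrusted inode field. */
    const uint64_t samples[] = { 11, SYMLINK_MAX_LEN, SYMLINK_MAX_LEN + 1, UINT64_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        int ok = checked_alloc_size(samples[i], &n) == 0;
        printf("disk_size=%llu unchecked_alloc=%llu checked=%s\n",
               (unsigned long long)samples[i],
               (unsigned long long)unchecked_alloc_size(samples[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```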

Impact

Exploitation of this vulnerability can lead to heap corruption, allowing for arbitrary code execution that bypasses Secure Boot mechanisms.

Remediation

Users can upgrade to Red Hat Enterprise Linux 9, where this vulnerability has been addressed. For details on how to apply this update, refer to the Red Hat Enterprise Linux 9 Release Notes.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 7.5
exploitability: 2.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.