GRUB2 Integer Overflow Vulnerability in Read Command Leading to Heap-Based Out-of-Bounds Write

Vulnerability

A vulnerability exists in the GRUB2 bootloader's read command, which reads a line of keyboard input. The input length is tracked as a 32-bit integer, which can overflow when a sufficiently long line is entered. The overflow leads to an out-of-bounds write to a heap-based buffer, which can corrupt GRUB's critical internal data and potentially bypass secure boot protections.

Impact

Exploitation of this vulnerability causes a heap-based out-of-bounds write, allowing corruption of GRUB's internal data and potentially bypassing secure boot protections.

Reproduction

The vulnerability is triggered by using the GRUB2 read command to enter a line long enough to overflow the 32-bit length counter. The overflow leads to an out-of-bounds write in a heap-based buffer, allowing corruption of GRUB's internal data.
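The defect class described in the Vulnerability and Reproduction sections is a length counter that wraps. The following is an added illustration written for this page; it is not GRUB source and does not reproduce the GRUB read command. It contrasts an unchecked 32-bit length increment (the pattern that wraps to 0 after 4,294,967,295 bytes) with a hardened line buffer whose length and capacity arithmetic is overflow-checked before any heap write. The struct and function names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed illustration, not GRUB code: a heap line buffer whose
   length is tracked in a 32-bit counter, as the advisory describes. */
struct line_buf {
    char     *data;      /* heap allocation of 'capacity' bytes */
    size_t    capacity;
    uint32_t  len;       /* 32-bit length counter */
};

/* Arithmetic view of the defect: the counter after one more byte.
   Wraps to 0 when len == UINT32_MAX, so a later write using len
   as an index lands inside a buffer sized for a much longer line. */
uint32_t next_len_unchecked(uint32_t len)
{
    return len + 1u;
}

/* Hardened version: refuse the increment that would wrap.
   Returns false and leaves *out untouched on overflow. */
bool next_len_checked(uint32_t len, uint32_t *out)
{
    if (len == UINT32_MAX)
        return false;
    *out = len + 1u;
    return true;
}

/* Append one byte, doubling the allocation when full. Every size
   computation is overflow-checked, and the store only happens when
   len < capacity. Returns 0 on success, -1 on overflow or OOM. */
int line_buf_push(struct line_buf *b, char c)
{
    uint32_t new_len;
    if (!next_len_checked(b->len, &new_len))
        return -1;                        /* counter would wrap */

    if ((size_t)new_len > b->capacity) {
        size_t new_cap;
        if (b->capacity == 0)
            new_cap = 16;
        else if (__builtin_mul_overflow(b->capacity, (size_t)2, &new_cap))
            return -1;                    /* capacity would wrap */
        char *p = realloc(b->data, new_cap);
        if (!p)
            return -1;
        b->data = p;
        b->capacity = new_cap;
    }
    b->data[b->len] = c;                  /* len < capacity holds here */
    b->len = new_len;
    return 0;
}

void line_buf_free(struct line_buf *b)
{
    free(b->data);
    b->data = NULL;
    b->capacity = 0;
    b->len = 0;
}

/* Push n copies of 'a', stopping at the first refusal; returns final len. */
uint32_t push_n(struct line_buf *b, uint32_t n)
{
    for (uint32_t i = 0; i < n; i++)
        if (line_buf_push(b, 'a') != 0)
            break;
    return b->len;
}

int main(void)
{
    struct line_buf b = {0};
    printf("unchecked: UINT32_MAX + 1 = %u\n", next_len_unchecked(UINT32_MAX));
    printf("pushed %u bytes, capacity %zu\n", push_n(&b, 1000), b.capacity);
    b.len = UINT32_MAX;                   /* simulate a full counter */
    printf("push at UINT32_MAX -> %d (refused)\n", line_buf_push(&b, 'x'));
    b.len = 1000;
    line_buf_free(&b);
    return 0;
}
```

The fix pattern is the point: the counter check runs before the allocation and before the store, so a wrapped length can never be used as an index. Compiling the hardened path with `-fsanitize=undefined` or reviewing for any `len + 1` that is not preceded by such a check is the practical audit step for code of this shape.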

Remediation

Users can apply the GRUB2 update available for Red Hat Enterprise Linux 9, which addresses this vulnerability. Instructions for applying the update can be found in the Red Hat Enterprise Linux 9 Release Notes.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 7.5
exploitability: 1.8
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.