GNU GRUB HFS Filesystem Module Integer Overflow Vulnerability Leading to Heap-Based Out-of-Bounds Write

Vulnerability

A vulnerability exists in the HFS filesystem module of GNU GRUB, where user-controlled metadata is used to calculate buffer sizes without proper validation, allowing for integer overflow. This flaw can be exploited by crafting a malicious filesystem that causes buffer size calculations to overflow, leading to a heap-based out-of-bounds write. Such exploitation could corrupt GRUB's critical internal data and potentially allow arbitrary code execution, bypassing Secure Boot protections.
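The defect class described above is a size computation that trusts on-disk metadata. The following added example (not GRUB's HFS code; every name, field meaning and limit in it is hypothetical and chosen only to illustrate the pattern) places the unchecked multiplication beside a hardened version that widens before multiplying, rejects wraparound, and enforces an upper bound before any allocation happens. The constructed "hostile" values show how a wrapped product sizes a buffer far smaller than the number of bytes a record loop would later write.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Constructed model of the defect class described in the advisory above.
 * This is not GRUB's HFS code; all names, field meanings and limits here are
 * hypothetical and chosen only to illustrate the pattern. */

/* Upper bound a parser is willing to allocate for one metadata structure.
 * Hypothetical value: real code would pick a limit that fits the format. */
#define MAX_METADATA_BYTES (16u * 1024u * 1024u)

/* Vulnerable pattern: the size is computed in the same width as the on-disk
 * fields, so a large count * size pair wraps around and yields a small value.
 * Callers then allocate that small buffer but still process 'count' records. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t size)
{
    return count * size;            /* can wrap modulo 2^32 */
}

/* How many bytes a copy loop driven by 'count' and 'size' would write past
 * the buffer that alloc_size_unchecked() sized. Zero means no overrun. */
uint64_t unchecked_overrun_bytes(uint32_t count, uint32_t size)
{
    uint64_t actual = (uint64_t)count * (uint64_t)size;
    uint64_t allocated = alloc_size_unchecked(count, size);
    return actual > allocated ? actual - allocated : 0;
}

/* Hardened pattern: widen before multiplying, reject wraparound and any size
 * beyond what the parser can legitimately need. Returns the byte count, or -1
 * when the metadata must be treated as corrupt. */
int64_t alloc_size_checked(uint32_t count, uint32_t size)
{
    if (count == 0 || size == 0)
        return -1;                  /* empty structures are not meaningful here */

    uint64_t wide = (uint64_t)count * (uint64_t)size;
    if (wide > UINT32_MAX)
        return -1;                  /* would have wrapped in 32-bit arithmetic */
    if (wide > MAX_METADATA_BYTES)
        return -1;                  /* representable, but absurd for this format */

    return (int64_t)wide;
}

/* Allocate using the checked size; NULL signals corrupt metadata to the caller
 * so it can fail the mount instead of continuing with a short buffer. */
void *alloc_metadata_buffer(uint32_t count, uint32_t size)
{
    int64_t bytes = alloc_size_checked(count, size);
    if (bytes < 0)
        return NULL;
    return calloc(1, (size_t)bytes);
}

int main(void)
{
    /* Constructed sample values: a plausible header and a wrapping one. */
    printf("benign  100 x 64    -> unchecked %u, checked %lld\n",
           alloc_size_unchecked(100u, 64u),
           (long long)alloc_size_checked(100u, 64u));
    printf("hostile 2^16 x 2^16 -> unchecked %u, checked %lld, overrun %llu bytes\n",
           alloc_size_unchecked(0x10000u, 0x10000u),
           (long long)alloc_size_checked(0x10000u, 0x10000u),
           (unsigned long long)unchecked_overrun_bytes(0x10000u, 0x10000u));

    void *buf = alloc_metadata_buffer(0x10000u, 0x10000u);
    printf("hostile allocation %s\n", buf ? "accepted" : "rejected");
    free(buf);
    return 0;
}
```

The two checks in alloc_size_checked() are deliberately separate: the UINT32_MAX test catches the wraparound the advisory describes, while the MAX_METADATA_BYTES test catches values that do not wrap but would still let a crafted image drive an oversized allocation. Both are cheaper than any recovery after a heap write has already gone out of bounds.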

Impact

Exploitation of this vulnerability can lead to a heap-based out-of-bounds write, allowing for corruption of GRUB's internal critical data and potentially enabling arbitrary code execution that bypasses Secure Boot protections.

Reproduction

To reproduce this vulnerability, a user must be tricked into running GRUB2 with a specially crafted HFS filesystem image. This vulnerability is not applicable to Red Hat Enterprise Linux 7, 8, 9, or Red Hat OpenShift Container Platform 4, as the HFS module is not built in these versions.

Remediation

Users can mitigate this vulnerability by not running GRUB2 in untrusted environments, specifically with HFS filesystem images.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 7.5
exploitability: 3.4
remediation: 7.9
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.