| 제목 | GRUB2: crafted grub.cfg file can lead to arbitrary code execution during boot process |
|---|
| 설명 | In the course of Eclypsium’s analysis, we have identified a buffer overflow vulnerability in the way that GRUB2 parses content from the GRUB2 config file (grub.cfg). Of note: The GRUB2 config file is a text file and typically is not signed like other files and executables. This vulnerability enables arbitrary code execution within GRUB2 and thus control over the booting of the operating system. As a result, an attacker could modify the contents of the GRUB2 configuration file to ensure that attack code is run before the operating system is loaded. In this way, attackers gain persistence on the device.
This vulnerability was assigned CVE-2020-10713 “GRUB2: crafted grub.cfg file can lead to arbitrary code execution during boot process” with a CVSS rating of 8.2 (High) / CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. |
|---|
| 원천 | ⚠️ https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot |
|---|
| 사용자 | misc (UID 3) |
|---|
| 제출 | 2020. 07. 30. AM 07:51 (6 연령 ago) |
|---|
| 모더레이션 | 2020. 07. 30. AM 08:34 (43 minutes later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 159143 [grub2 Config File Parser grub.cfg BootHole 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|