Description
There's an issue with grub2 in all versions before 2.06 when handling
squashfs filesystems containing a symbolic link with name length of UINT32
bytes in size. The name size leads to an arithmetic overflow leading to a
zero-size allocation further causing a heap-based buffer overflow with
attacker controlled data.
Ubuntu-Description
Chris Coulson discovered that multiple integer overflows existed in GRUB2
when handling certain filesystems or font files, leading to heap-based
buffer overflows. A local attacker could use these to execute arbitrary
code and bypass UEFI Secure Boot restrictions.
Notes
amurray | grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low |
Updated: 2020-10-24 07:02:35 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)