Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
No PoCs from references.
- https://github.com/ARPSyndicate/cvemon
- https://github.com/DNTYO/F5_Vulnerability
- https://github.com/EuroLinux/shim-review
- https://github.com/Fortinetofficial/shim-review
- https://github.com/Jurij-Ivastsuk/WAXAR-shim-review
- https://github.com/NaverCloudPlatform/shim-review
- https://github.com/Rodrigo-NR/shim-review
- https://github.com/amzdev0401/shim-review-backup
- https://github.com/baramundisoftware/ShimReview_2024
- https://github.com/bitraser/shim-review-15.4
- https://github.com/coreyvelan/shim-review
- https://github.com/ctrliq/ciq-shim-build
- https://github.com/ctrliq/shim-review
- https://github.com/jason-chang-atrust/shim-review
- https://github.com/jsegitz/shim-review-nonfork
- https://github.com/lenovo-lux/shim-review
- https://github.com/luojc123/shim-nsdl
- https://github.com/mwti/rescueshim
- https://github.com/neppe/shim-review
- https://github.com/neverware/shim-review
- https://github.com/ozun215/shim-review
- https://github.com/puzzleos/uefi-shim_review
- https://github.com/renorobert/grub-bhyve-bugs
- https://github.com/rhboot/shim-review
- https://github.com/synackcyber/BootHole_Fix
- https://github.com/vathpela/shim-review
- https://github.com/zeetim/shim-review