CVE-2021-20225
First published: Wed Feb 03 2021(Updated: )
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/grub | <2.06 | 2.06 |
| Gnu Grub2 | <2.06 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux Server Aus | =7.2 | |
| Redhat Enterprise Linux Server Aus | =7.3 | |
| Redhat Enterprise Linux Server Aus | =7.4 | |
| Redhat Enterprise Linux Server Aus | =7.6 | |
| Redhat Enterprise Linux Server Aus | =7.7 | |
| Redhat Enterprise Linux Server Aus | =8.2 | |
| Redhat Enterprise Linux Server Eus | =7.6 | |
| Redhat Enterprise Linux Server Eus | =7.7 | |
| Redhat Enterprise Linux Server Eus | =8.1 | |
| Redhat Enterprise Linux Server Tus | =7.4 | |
| Redhat Enterprise Linux Server Tus | =7.6 | |
| Redhat Enterprise Linux Server Tus | =7.7 | |
| Redhat Enterprise Linux Server Tus | =8.2 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| NetApp ONTAP Select Deploy administration utility |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1924696
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
- https://security.netapp.com/advisory/ntap-20220325-0001/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1934251
- https://access.redhat.com/errata/RHSA-2021:0698
- https://access.redhat.com/errata/RHSA-2021:0696
- https://access.redhat.com/errata/RHSA-2021:0697
- https://access.redhat.com/errata/RHSA-2021:0703
- https://access.redhat.com/errata/RHSA-2021:0704
- https://access.redhat.com/errata/RHSA-2021:0702
- https://access.redhat.com/errata/RHSA-2021:0699
- https://access.redhat.com/errata/RHSA-2021:0700
- https://access.redhat.com/errata/RHSA-2021:0701
- https://access.redhat.com/security/cve/cve-2021-20225
- https://access.redhat.com/errata/RHSA-2021:1734
- https://access.redhat.com/errata/RHSA-2021:2566
- https://access.redhat.com/errata/RHSA-2021:2790
- https://access.redhat.com/errata/RHSA-2021:3675
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
Frequently Asked Questions
What is the vulnerability ID of this flaw?
The vulnerability ID is CVE-2021-20225.
What is the severity level of CVE-2021-20225?
The severity level of CVE-2021-20225 is high.
What is the affected software by CVE-2021-20225?
The affected software includes grub2 versions prior to 2.06, Gnu Grub2, and Redhat Enterprise Linux versions 7.0, 8.0, 7.2, 7.3, 7.4, 7.6, 7.7, 8.2, and Redhat Enterprise Linux Server Aus, Eus, Tus, and Workstation. Also, Fedoraproject Fedora 33 and 34, and NetApp ONTAP Select Deploy administration utility.
What is the highest threat from CVE-2021-20225?
The highest threat from CVE-2021-20225 is to data confidentiality and integrity.
How do I fix the vulnerability CVE-2021-20225?
To fix the vulnerability CVE-2021-20225, update to grub2 version 2.06 or higher, as provided by Redhat in the errata RHSA-2021:0698 and RHSA-2021:0696.
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-20225
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/gnu
- canonical/gnu grub2
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.2
- version/redhat enterprise linux server aus/7.3
- version/redhat enterprise linux server aus/7.4
- version/redhat enterprise linux server aus/7.6
- version/redhat enterprise linux server aus/7.7
- version/redhat enterprise linux server aus/8.2
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.6
- version/redhat enterprise linux server eus/7.7
- version/redhat enterprise linux server eus/8.1
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.4
- version/redhat enterprise linux server tus/7.6
- version/redhat enterprise linux server tus/7.7
- version/redhat enterprise linux server tus/8.2
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- vendor/netapp
- canonical/netapp ontap select deploy administration utility
- package-manager/redhat