AZL-6463

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6463.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-6463

Upstream

CVE-2020-27749

Published

2021-03-03T17:15:11Z

Modified

2026-04-01T05:20:22.910055Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2020-27749 affecting package grub2 for versions less than 2.06~rc1-7

Details

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-27749

Affected packages

Azure Linux:2 / grub2

Package

Name: grub2
Purl: pkg:rpm/azure-linux/grub2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06~rc1-7

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6463.json"