UBUNTU-CVE-2021-20225

Source
https://ubuntu.com/security/CVE-2021-20225
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-20225.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-20225
Related
Published
2021-03-02T18:00:00Z
Modified
2024-11-20T12:17:48Z
Severity
  • 6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Affected packages

Ubuntu:Pro:14.04:LTS / grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22
1.23
1.24
1.25
1.26
1.27
1.30
1.31
1.32
1.33
1.34
1.34.1
1.34.2
1.34.3
1.34.4
1.34.5
1.34.6
1.34.7
1.34.8
1.34.9
1.34.13
1.34.14
1.34.16
1.34.17
1.34.18
1.34.20
1.34.22
1.34.24

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.167~18.04.5

Affected versions

1.*

1.85
1.86
1.87
1.89
1.91
1.92
1.93
1.93.1
1.93.2
1.93.3
1.93.4
1.93.5
1.93.7
1.93.8
1.93.10
1.93.11
1.93.13
1.93.14
1.93.15
1.93.16
1.93.18
1.93.19
1.93.20
1.93.21
1.93.22
1.93.24
1.167~18.04.1
1.167~18.04.3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.167~18.04.5+2.04-1ubuntu44.1.2",
            "binary_name": "grub-efi-amd64-signed"
        },
        {
            "binary_version": "1.167~18.04.5+2.04-1ubuntu44.1.2",
            "binary_name": "grub-efi-arm64-signed"
        }
    ]
}

Ubuntu:18.04:LTS / grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.04-1ubuntu44.1.2

Affected versions

2.*

2.04-1ubuntu44
2.04-1ubuntu44.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.04-1ubuntu44.1.2",
            "binary_name": "grub-efi-amd64"
        },
        {
            "binary_version": "2.04-1ubuntu44.1.2",
            "binary_name": "grub-efi-amd64-bin"
        },
        {
            "binary_version": "2.04-1ubuntu44.1.2",
            "binary_name": "grub-efi-amd64-dbg"
        },
        {
            "binary_version": "2.04-1ubuntu44.1.2",
            "binary_name": "grub-efi-arm64"
        },
        {
            "binary_version": "2.04-1ubuntu44.1.2",
            "binary_name": "grub-efi-arm64-bin"
        },
        {
            "binary_version": "2.04-1ubuntu44.1.2",
            "binary_name": "grub-efi-arm64-dbg"
        }
    ]
}

Ubuntu:20.04:LTS / grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.167.2

Affected versions

1.*

1.128
1.129
1.130
1.131
1.133
1.134
1.135
1.136
1.137
1.138
1.139
1.140
1.141
1.142
1.142.1
1.142.3
1.142.4
1.142.5
1.142.6
1.142.8
1.142.9
1.142.10
1.142.11
1.167

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.167.2+2.04-1ubuntu44.2",
            "binary_name": "grub-efi-amd64-signed"
        },
        {
            "binary_version": "1.167.2+2.04-1ubuntu44.2",
            "binary_name": "grub-efi-arm64-signed"
        }
    ]
}

Ubuntu:20.04:LTS / grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.04-1ubuntu44.2

Affected versions

2.*

2.04-1ubuntu44

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.04-1ubuntu44.2",
            "binary_name": "grub-efi-amd64"
        },
        {
            "binary_version": "2.04-1ubuntu44.2",
            "binary_name": "grub-efi-amd64-bin"
        },
        {
            "binary_version": "2.04-1ubuntu44.2",
            "binary_name": "grub-efi-amd64-dbg"
        },
        {
            "binary_version": "2.04-1ubuntu44.2",
            "binary_name": "grub-efi-arm64"
        },
        {
            "binary_version": "2.04-1ubuntu44.2",
            "binary_name": "grub-efi-arm64-bin"
        },
        {
            "binary_version": "2.04-1ubuntu44.2",
            "binary_name": "grub-efi-arm64-dbg"
        }
    ]
}

Ubuntu:22.04:LTS / grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.180

Affected versions

1.*

1.173
1.174
1.176
1.177
1.178
1.179

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.180+2.06-2ubuntu7",
            "binary_name": "grub-efi-amd64-signed"
        },
        {
            "binary_version": "1.180+2.06-2ubuntu7",
            "binary_name": "grub-efi-arm64-signed"
        }
    ]
}

Ubuntu:22.04:LTS / grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.06-2ubuntu7

Affected versions

2.*

2.04-1ubuntu47
2.04-1ubuntu48
2.06-2ubuntu3
2.06-2ubuntu4
2.06-2ubuntu5
2.06-2ubuntu6

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.06-2ubuntu7",
            "binary_name": "grub-efi-amd64"
        },
        {
            "binary_version": "2.06-2ubuntu7",
            "binary_name": "grub-efi-amd64-bin"
        },
        {
            "binary_version": "2.06-2ubuntu7",
            "binary_name": "grub-efi-amd64-dbg"
        },
        {
            "binary_version": "2.06-2ubuntu7",
            "binary_name": "grub-efi-arm64"
        },
        {
            "binary_version": "2.06-2ubuntu7",
            "binary_name": "grub-efi-arm64-bin"
        },
        {
            "binary_version": "2.06-2ubuntu7",
            "binary_name": "grub-efi-arm64-dbg"
        }
    ]
}