CVE-2021-20225
Description
A heap out-of-bounds write in GRUB2's option parser (versions <2.06) allows local attackers to corrupt memory, potentially leading to privilege escalation or secure boot bypass.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A heap out-of-bounds write vulnerability exists in the option parser of GRUB2 versions prior to 2.06. The flaw occurs when certain commands are called with a large number of specific short forms of options, causing the parser to write past the end of a heap-allocated buffer [1]. This affects all GRUB2 installations using the vulnerable code path, typically when processing boot configuration files or interactive commands.
Exploitation
An attacker with the ability to execute GRUB commands—either by modifying the boot configuration (e.g., grub.cfg) or by gaining access to the GRUB shell—can trigger the overflow. The attacker supplies a crafted command line containing an excessive number of short option flags to a vulnerable command. No authentication is required beyond the ability to influence GRUB's input [1].
Impact
Successful exploitation results in a heap out-of-bounds write, which can corrupt adjacent memory. This may lead to arbitrary code execution, disclosure of sensitive data, or denial of service. Additionally, the vulnerability could be leveraged to bypass UEFI Secure Boot protections, as noted in the Gentoo security advisory [3]. The overall impact is high, affecting confidentiality, integrity, and availability.
Mitigation
The issue is fixed in GRUB2 version 2.06. Red Hat has released updates for affected products (e.g., RHEL 7.4 Advanced Update Support) via RHSA-2021:0702 [1]. Gentoo recommends upgrading to >=sys-devel/grub-2.06_rc1 and then running grub-install to apply the fix [3]. No workaround is available; users must update GRUB and reinstall it to the boot sector.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
41 entries
- grub2/grub2 (source: description)
- osv-coords (39 versions):
  - pkg:rpm/almalinux/shim-aa64 (no CPE), range: < 15.4-2.el8_1.alma
  - pkg:rpm/almalinux/shim-ia32 (no CPE), range: < 15.4-2.el8_1.alma
  - pkg:rpm/almalinux/shim-unsigned-aarch64 (no CPE), range: < 15-7.el8_1.alma
  - pkg:rpm/almalinux/shim-unsigned-x64 (no CPE), range: < 15.4-4.el8_1.alma
  - pkg:rpm/almalinux/shim-x64 (no CPE), range: < 15.4-2.el8_1.alma
  - pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 2.04-lp152.7.22.7
  - pkg:rpm/opensuse/grub2&distro=openSUSE%20Tumbleweed (no CPE), range: < 2.06-7.1
  - pkg:rpm/suse/grub2&distro=HPE%20Helion%20OpenStack%208 (no CPE), range: < 2.02-4.69.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Enterprise%20Storage%206 (no CPE), range: < 2.02-26.43.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS (no CPE), range: < 2.02-26.43.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE), range: < 2.02-26.43.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE), range: < 2.02-19.66.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE), range: < 2.02-19.66.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 2.04-9.34.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 (no CPE), range: < 2.04-9.34.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE), range: < 2.02-0.66.26.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL (no CPE), range: < 2.02-115.59.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS (no CPE), range: < 2.02-115.59.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL (no CPE), range: < 2.02-4.69.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS (no CPE), range: < 2.02-4.69.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS (no CPE), range: < 2.02-12.47.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 2.02-12.47.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL (no CPE), range: < 2.02-26.43.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE), range: < 2.02-26.43.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE), range: < 2.02-19.66.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE), range: < 2.02-115.59.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 2.02-4.69.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE), range: < 2.02-12.47.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 2.02-12.47.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE), range: < 2.02-19.66.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE), range: < 2.02-26.43.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Proxy%204.0 (no CPE), range: < 2.02-26.43.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 (no CPE), range: < 2.02-26.43.1
  - pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Server%204.0 (no CPE), range: < 2.02-26.43.1
  - pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%207 (no CPE), range: < 2.02-115.59.1
  - pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%208 (no CPE), range: < 2.02-4.69.1
  - pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%209 (no CPE), range: < 2.02-12.47.1
  - pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 (no CPE), range: < 2.02-4.69.1
  - pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 (no CPE), range: < 2.02-12.47.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202104-05 (mitre, vendor-advisory, x_refsource_GENTOO)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_MISC)
- security.netapp.com/advisory/ntap-20220325-0001/ (mitre, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.