CVE-2021-20233
Description
A heap buffer overflow in GRUB2's menu rendering code due to miscalculation of quoted single quote length allows memory corruption, threatening confidentiality, integrity, and availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap buffer overflow in GRUB2's menu rendering code due to miscalculation of quoted single quote length allows memory corruption, threatening confidentiality, integrity, and availability.
Vulnerability
The vulnerability resides in the setparam_prefix() function in GRUB2's menu rendering code, affecting versions prior to 2.06. The function miscalculates the length required when quoting a single quote: it assumes 3 characters but actually needs 4. This results in a heap buffer overflow by one byte for each quote in the input [1].
Exploitation
An attacker can provide crafted input containing single quotes to trigger the miscalculation and corrupt memory. The attacker may not need authentication if they can influence the boot menu parameters, but the exact prerequisites depend on the system's configuration. The corruption is limited to one byte per quote, but repeated quotes could lead to more significant memory corruption.
Impact
Successful exploitation allows an attacker to corrupt memory, potentially leading to disclosure of sensitive data, integrity compromise, or denial of service. The highest threat is to data confidentiality and integrity as well as system availability [1].
Mitigation
The issue is fixed in GRUB2 version 2.06 [3]. For Red Hat Enterprise Linux 7.4 Advanced Update Support and similar, updates are available via RHSA-2021:0702 [1]. Gentoo users should upgrade to >=sys-devel/grub-2.06_rc1 [3]. No workaround is known [3].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
41- grub2/grub2description
- osv-coords39 versionspkg:rpm/almalinux/shim-aa64pkg:rpm/almalinux/shim-ia32pkg:rpm/almalinux/shim-unsigned-aarch64pkg:rpm/almalinux/shim-unsigned-x64pkg:rpm/almalinux/shim-x64pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/grub2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/grub2&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/grub2&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 15.4-2.el8_1.alma+ 38 more
- (no CPE)range: < 15.4-2.el8_1.alma
- (no CPE)range: < 15.4-2.el8_1.alma
- (no CPE)range: < 15-7.el8_1.alma
- (no CPE)range: < 15.4-4.el8_1.alma
- (no CPE)range: < 15.4-2.el8_1.alma
- (no CPE)range: < 2.04-lp152.7.22.7
- (no CPE)range: < 2.06-7.1
- (no CPE)range: < 2.02-4.69.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-19.66.1
- (no CPE)range: < 2.02-19.66.1
- (no CPE)range: < 2.04-9.34.1
- (no CPE)range: < 2.04-9.34.1
- (no CPE)range: < 2.02-0.66.26.1
- (no CPE)range: < 2.02-115.59.1
- (no CPE)range: < 2.02-115.59.1
- (no CPE)range: < 2.02-4.69.1
- (no CPE)range: < 2.02-4.69.1
- (no CPE)range: < 2.02-12.47.1
- (no CPE)range: < 2.02-12.47.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-19.66.1
- (no CPE)range: < 2.02-115.59.1
- (no CPE)range: < 2.02-4.69.1
- (no CPE)range: < 2.02-12.47.1
- (no CPE)range: < 2.02-12.47.1
- (no CPE)range: < 2.02-19.66.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-115.59.1
- (no CPE)range: < 2.02-4.69.1
- (no CPE)range: < 2.02-12.47.1
- (no CPE)range: < 2.02-4.69.1
- (no CPE)range: < 2.02-12.47.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
4- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202104-05mitrevendor-advisoryx_refsource_GENTOO
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20220325-0001/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.