VYPR
Unrated severity · NVD Advisory · Published Mar 3, 2025 · Updated Jan 8, 2026

Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution

CVE-2025-0689

Description

A heap-based buffer overflow in GRUB2's UDF filesystem module can be triggered by a crafted filesystem image, leading to arbitrary code execution and bypass of Secure Boot.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A heap-based buffer overflow vulnerability exists in GRUB2's UDF filesystem module (grub_udf_read_block()). When reading data from disk, the module uses user-controlled data length metadata to allocate internal buffers. During iteration through disk sectors, it assumes the read size is always smaller than the allocated buffer size, but this assumption is not guaranteed. A crafted filesystem image can exploit this to cause a buffer overflow. Affected versions include all GRUB2 versions prior to the 2025-02-18 patch set [1][2][3].
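
A simplified model of the flaw class described above, next to the bounds check that closes it. This is an added illustration, not GRUB2's code: `struct extent_meta`, `unchecked_write_span` and `read_extent_checked` are hypothetical names, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SECTOR 512u

/* Hypothetical record; both fields are read from the untrusted image. */
struct extent_meta {
    uint32_t data_len;  /* length used to size the buffer */
    uint32_t n_sectors; /* sectors the read loop walks */
};

/* Bytes the flawed loop would write: it trusts n_sectors and never
   compares its running offset with the allocation. */
size_t unchecked_write_span(const struct extent_meta *m)
{
    return (size_t)m->n_sectors * SECTOR;
}

/* Hardened read: 0 on success, -1 when the metadata is inconsistent. */
int read_extent_checked(const struct extent_meta *m, const uint8_t *disk,
                        size_t disk_len, uint8_t **out, size_t *out_len)
{
    size_t cap = m->data_len, off = 0;
    uint8_t *buf = cap ? malloc(cap) : NULL;
    if (!buf)
        return -1;
    for (uint32_t s = 0; s < m->n_sectors; s++) {
        size_t src = (size_t)s * SECTOR;
        /* Check the room left in buf and in the source before each copy. */
        if (SECTOR > cap - off || src > disk_len || SECTOR > disk_len - src) {
            free(buf);
            return -1;
        }
        memcpy(buf + off, disk + src, SECTOR);
        off += SECTOR;
    }
    *out = buf;
    *out_len = off;
    return 0;
}

int main(void)
{
    static uint8_t disk[4 * SECTOR];     /* constructed image */
    struct extent_meta bad = { 600, 4 }; /* constructed: 600-byte buffer, 4-sector walk */
    uint8_t *out; size_t n;
    int rc = read_extent_checked(&bad, disk, sizeof disk, &out, &n);
    printf("unchecked span %zu, checked rc %d\n", unchecked_write_span(&bad), rc);
    return 0;
}
```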

Exploitation

An attacker with the ability to boot from a crafted UDF filesystem image (e.g., via physical access or in a multi-boot environment) can trigger the vulnerability. The attacker must provide a maliciously crafted filesystem image that causes the UDF module to read data from disk with a size exceeding the allocated buffer. No authentication or user interaction beyond booting from the image is required [3].

Impact

Successful exploitation allows arbitrary code execution within the GRUB2 environment, potentially bypassing Secure Boot protections. The attacker can corrupt critical data and execute arbitrary code, compromising system integrity and confidentiality. The vulnerability can be leveraged to install bootkits or persistent malware [2][3].

Mitigation

The vulnerability has been fixed in GRUB2 upstream via a patch set published on 2025-02-18 [1]. Full mitigation requires an updated GRUB2, a shim carrying the latest SBAT (Secure Boot Advanced Targeting) data, and vendor updates. The UEFI revocation list (dbx) will not be used; revocation is done solely with SBAT. Users should apply vendor-provided updates when available [1][2].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

30

References

3
