GRUB2 Use-After-Free in the normal module

MEDIUM (4.9) No Patch (27 days)

Threat Intelligence

Low Risk
EPSS Score: 0.02% chance of exploitation (percentile: 3%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

GRUB2 is the bootloader used by most Linux distributions. This vulnerability is a use-after-free in GRUB2's normal module: after that module has been unloaded and its memory released, the normal_exit command can still be invoked, and handling it dereferences the freed memory. GRUB commands are entered at the GRUB console or come from the boot configuration, so triggering the bug requires the ability to run commands in the bootloader before the operating system starts; nothing about it is reachable over the network.

Am I affected?

You're affected if you run GRUB2 2.06 through 2.08, so the first step is to check the installed version. GRUB2 ships no "grub" binary; use the install tool, which reports the version of the package it belongs to: on Red Hat systems run grub2-install --version, on Debian and Ubuntu run grub-install --version. To confirm the version of the image that actually boots, press c at the GRUB menu: the console banner prints "GNU GRUB  version 2.xx".

Note that this vulnerability is specific to GRUB2 and does not affect other bootloaders such as LILO or systemd-boot. UEFI is firmware, not a bootloader: a GRUB2 installed as the UEFI boot application is affected in the same way as a BIOS install.

Affected Products

Red Hat / GRUB2

How to fix

To fix this issue, update to a GRUB2 build that contains the fix once your distribution publishes one. Red Hat ships GRUB2 as a distribution package, so install the fixed package through the normal errata channel (dnf/yum) rather than downloading upstream source, and make sure the boot image is refreshed afterwards (grub2-install on BIOS systems; on UEFI the package installs the EFI binary directly).

Until a fixed package is available, reduce who can reach the GRUB command line, since that is where normal_exit is issued:

  • Set a GRUB superuser password (grub2-setpassword on Red Hat systems, or set superusers= plus password_pbkdf2 in the configuration) so the interactive console and menu editing require authentication; mark entries that should boot without a password --unrestricted
  • Control physical and out-of-band console access (serial consoles, BMC/IPMI, hypervisor consoles), since the bootloader has no network exposure to firewall
  • Audit grub.cfg (and user.cfg on Red Hat systems) for unexpected changes, and keep Secure Boot enabled where it is in use so only signed GRUB images are loaded
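The following script is an added example, not code from the advisory or from the GRUB project. It puts the two checks above into functions a practitioner can run: it classifies a version string (a bare "2.06" or the output of grub2-install --version) against the affected range this page gives, and it inspects GRUB configuration text for a superuser plus a PBKDF2 password hash, which is the setting that stops an unauthenticated person at the console from opening the GRUB command line. The sample configurations and the truncated hash are constructed for the demonstration; the file paths and the GRUB_CHECK_LIVE switch are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): version classification and GRUB
# console-password check for the normal_exit use-after-free mitigation.

# Exit 0 if the last field of $1 (a bare version, or the output of
# "grub2-install --version") is a GRUB 2.06, 2.07 or 2.08 release,
# 1 if it is outside that range, 2 if no major.minor can be parsed.
grub_version_affected() {
    last=${1##* }                       # "grub2-install (GRUB) 2.06" -> "2.06"
    parsed=$(printf '%s\n' "$last" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$parsed" ] || return 2
    major=${parsed% *}
    minor=${parsed#* }
    minor=${minor#0}; minor=${minor:-0}  # "06" -> "6"; avoid octal readings
    [ "$major" -eq 2 ] && [ "$minor" -ge 6 ] && [ "$minor" -le 8 ]
}

# Exit 0 if the configuration text in $1 names superusers and carries a
# PBKDF2 hash for them, either inline ("password_pbkdf2 root grub.pbkdf2...")
# or, as grub2-setpassword writes it on Red Hat systems, as a
# GRUB2_PASSWORD= line from user.cfg; exit 1 otherwise.
grub_console_protected() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' &&
    printf '%s\n' "$1" | grep -Eq \
        '(^[[:space:]]*password_pbkdf2[[:space:]]+[^[:space:]]+[[:space:]]+|^GRUB2_PASSWORD=)grub\.pbkdf2\.'
}

# Constructed sample configurations (not from a real host); hash is truncated.
SAMPLE_OPEN='set timeout=5
menuentry "Linux" {
    linux /vmlinuz root=/dev/sda1
}'

SAMPLE_LOCKED='set superusers="root"
export superusers
password_pbkdf2 root grub.pbkdf2.sha512.10000.9c0e3a7f.1b2d4e6f
set timeout=5
menuentry "Linux" --unrestricted {
    linux /vmlinuz root=/dev/sda1
}'

# Demonstration on constructed inputs.
for v in "2.04" "grub2-install (GRUB) 2.06" "2.12-1ubuntu7" "unknown"; do
    grub_version_affected "$v" && rc=0 || rc=$?
    case $rc in
        0) echo "affected:     $v" ;;
        1) echo "not affected: $v" ;;
        *) echo "unparsable:   $v" ;;
    esac
done
if grub_console_protected "$SAMPLE_LOCKED"; then echo "sample locked: protected"; fi
if ! grub_console_protected "$SAMPLE_OPEN"; then echo "sample open:   NOT protected"; fi

# Live check, run with GRUB_CHECK_LIVE=1 (assumed switch). Red Hat systems
# ship grub2-install; Debian-derived systems ship grub-install. The password
# check reads grub.cfg and, on Red Hat, user.cfg; UEFI installs may keep
# grub.cfg under /boot/efi/EFI/<distro>/ instead.
if [ "${GRUB_CHECK_LIVE:-0}" = 1 ]; then
    for tool in grub2-install grub-install; do
        if command -v "$tool" >/dev/null 2>&1; then
            if grub_version_affected "$("$tool" --version)"; then
                echo "installed GRUB2 is in the affected range"
            fi
            break
        fi
    done
    cfg=$(cat /boot/grub2/grub.cfg /boot/grub2/user.cfg /boot/grub/grub.cfg 2>/dev/null)
    if grub_console_protected "$cfg"; then
        echo "GRUB console: password-protected"
    else
        echo "GRUB console: NOT protected"
    fi
fi
```

The version check only tells you what package is installed; the banner shown after pressing c at the GRUB menu is the authoritative check of the image that actually booted. The password check is deliberately strict: a set superusers= line without a hash leaves the console open, so both must be present.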