There's a flaw on grub2 menu rendering code setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters. This allow an attacker to corrupt memory by one byte for each quote in the input.
*** Bug 1927436 has been marked as a duplicate of this bug. ***
Created grub2 tracking bugs for this issue: Affects: fedora-all [bug 1934252]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0698 http://access.redhat.com/errata/RHSA-2021:0698
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0696 http://access.redhat.com/errata/RHSA-2021:0696
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0697 http://access.redhat.com/errata/RHSA-2021:0697
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Via RHSA-2021:0703 http://access.redhat.com/errata/RHSA-2021:0703
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2021:0704 http://access.redhat.com/errata/RHSA-2021:0704
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:0702 http://access.redhat.com/errata/RHSA-2021:0702
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0699 http://access.redhat.com/errata/RHSA-2021:0699
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:0700 http://access.redhat.com/errata/RHSA-2021:0700
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2021:0701 http://access.redhat.com/errata/RHSA-2021:0701
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): http://access.redhat.com/security/cve/cve-2021-20233
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1734 http://access.redhat.com/errata/RHSA-2021:1734
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2566 http://access.redhat.com/errata/RHSA-2021:2566
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2790 http://access.redhat.com/errata/RHSA-2021:2790
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3675 http://access.redhat.com/errata/RHSA-2021:3675