On grub2 up to version 2.04, it's possible to inject code and subvert the boot process via a specially crafted grub configuration file. When grubx64.efi loads the malicious configuration file, the contents of a grub_parser_param structure are overwritten with string contents from the crafted input leading to arbitrary code execution. The boot process can be subverted even with secure boot enabled. CREATE(Triage):(User=admin) [CVE-2020-10713|https://nvd.nist.gov/vuln/detail/CVE-2020-10713]
