Acknowledged
Created: Jul 29, 2020
Updated: Sep 20, 2020
Found In Version: 8.0.0.1
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace
On grub2 up to version 2.04, it's possible to inject code and subvert the boot process via a specially crafted grub configuration file. When grubx64.efi loads the malicious configuration file, the contents of a grub_parser_param structure are overwritten with string contents from the crafted input leading to arbitrary code execution. The boot process can be subverted even with secure boot enabled.
CREATE(Triage):(User=admin) [CVE-2020-10713|https://nvd.nist.gov/vuln/detail/CVE-2020-10713]