GRUB2 Vulnerable to Out-of-Bounds Write via Network Boot Process in 'grub_strcpy()' Function
37142
03 March 2026
03 March 2026
CLOSED
MEDIUM
7.6
CVE-2025-0624
| Brocade Security Advisory ID | BSA-2026-3200 |
| Component | GNU Grub |
Summary
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the `grub_strcpy()` function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching fo
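The sizing mistake described in the summary, next to a hardened builder, as an added illustration that is not GRUB's or Brocade's code. The names `CFG_NAME`, `ASSUMED_VALUE_MAX`, `flawed_size`, `required_size`, `overflow_bytes` and `build_cfg_path`, the 36-byte assumption and the sample strings are hypothetical; the flawed path is only measured, never written.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names and sizes for illustration; not GRUB's real constants. */
#define ASSUMED_VALUE_MAX 36               /* length the flawed code takes for granted */
static const char CFG_NAME[] = "/boot.cfg-";

/* Flawed sizing: depends on the prefix only, never on the value copied in later. */
size_t flawed_size(const char *prefix) {
    return strlen(prefix) + sizeof(CFG_NAME) + ASSUMED_VALUE_MAX;
}

/* Bytes the finished string needs including the NUL, or 0 on size_t overflow. */
size_t required_size(const char *prefix, const char *value) {
    size_t p = strlen(prefix), v = strlen(value), fixed = sizeof(CFG_NAME);
    if (p > SIZE_MAX - fixed || v > SIZE_MAX - fixed - p) return 0;
    return p + fixed + v;
}

/* Bytes an unbounded strcpy() of value would write past the flawed buffer. */
size_t overflow_bytes(const char *prefix, const char *value) {
    size_t have = flawed_size(prefix), need = required_size(prefix, value);
    return need > have ? need - have : 0;
}

/* Hardened builder: size from measured lengths, copy with explicit counts. */
char *build_cfg_path(const char *prefix, const char *value) {
    size_t need = required_size(prefix, value);
    char *buf = need ? malloc(need) : NULL;
    if (!buf) return NULL;
    size_t p = strlen(prefix), n = sizeof(CFG_NAME) - 1;
    memcpy(buf, prefix, p);
    memcpy(buf + p, CFG_NAME, n);
    memcpy(buf + p + n, value, strlen(value) + 1);   /* value plus its NUL */
    return buf;
}

int main(void) {
    char value[101];                       /* constructed oversized input */
    memset(value, 'A', 100);
    value[100] = '\0';
    char *path = build_cfg_path("(net)/boot", value);
    printf("flawed buffer short by %zu bytes; hardened length %zu\n",
           overflow_bytes("(net)/boot", value), path ? strlen(path) : 0);
    free(path);
    return 0;
}
```

Any value longer than the assumed maximum makes `overflow_bytes` non-zero, which is the condition a bounds check before the copy has to reject or a length-derived allocation has to absorb.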
Products Affected
- Brocade SANnav before 2.4.0a
Products Not Affected
- Brocade Fabric OS [VEX Justification: Component_not_present]
- Brocade ASCG [VEX Justification: Vulnerable_code_not_in_execute_path]
Solution
- Security update provided in Brocade SANnav 2.4.0a and 3.0.0
- While not exploitable, security update provided in Brocade ASCG 3.4.0
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | March 3, 2026 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.