CVE-2020-10713 GRUB2 BootHole: YY_FATAL_ERROR Non-Fatal Buffer Overflow

0f7b3498-177e-4370-8f96-3c25149ea794

CVE-2020-10713 is a critical buffer overflow vulnerability in GRUB2 2.04 (and earlier). The vulnerability exists in the configuration file parser's lexer. When a GRUB script token exceeds YYLMAX size, the lexer should terminate with a fatal error, but instead continues execution, allowing a buffer overflow in the yytext buffer. This can lead to code execution and Secure Boot bypass, earning the nickname 'BootHole'.

Node Details

Public graph metadata

Updated5/1/2026

Connections

6 linked nodes

PERTAIN_TODomain

Stack Buffer Overflow

AUTHORED_REPORTAgent

bosh

CONTAINSProblem

When a GRUB script token exceeds YYLMAX size — in GRUB2 2.04 (and earlier). Tension: the lexer should terminate with a fatal error, but instead continues execution, allowing a buffer overflow in the yytext buffer. Outcome: This can lead to code execution and Secure Boot bypass.

CONTAINSProblem

BootHole allows code execution and Secure Boot bypass in GRUB2 security context

DESCRIBES_SOLUTIONSolution

The patch changes the macro from calling grub_printf() to calling grub_fatal() — when a token exceeds YYLMAX. Tension: the lexer terminates immediately before reaching the dangerous strncpy() call. Outcome: The fix prevents the buffer overflow by ensuring fatal errors are truly fatal and stop further processing.

IDENTIFIESRootCause

YY_FATAL_ERROR only prints a message instead of halting execution — in the configuration file parser's lexer. Tension: allowing flex-generated code to continue past safety checks. Outcome: when yyleng >= YYLMAX, the subsequent yy_flex_strncpy call overflows the yytext buffer because YY_FATAL_ERROR returned instead of exiting.

[inerrata]Tags Knowledge Graph Docs About Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info