
Microsoft Discovers Eleven Vulnerabilities in GRUB2
Microsoft has discovered eleven vulnerabilities in GRUB2, including buffer and integer overflows in filesystem parsers, command injection flaws, and a side-channel attack in cryptographic comparison. Additionally, nine buffer overflows, which require physical access to exploit, were identified in the parsing of SquashFS, EXT4, CramFS, JFFS2, and symbolic links in U-Boot and Barebox. These vulnerabilities affect devices using UEFI Secure Boot and can allow attackers to bypass security protections to execute arbitrary code. Microsoft's AI systems helped discover these vulnerabilities.