GNU GRUB is a multiboot boot loader used by most Linux systems.
An integer underflow in GRUB’s username/password authentication code has been discovered.
An attacker with access to the system console may bypass the username prompt by entering a sequence of backspace characters, allowing them, for example, to gain full access to GRUB’s console or to load a customized kernel.
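The bug class described above, as an added illustration in C. This is not GRUB's source code: the function names and the sample key sequence are assumptions made for this example. An unsigned length counter that is decremented on every backspace wraps around at zero, while the checked version ignores backspace on an empty buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unchecked pattern: the counter is decremented on every backspace, even at
 * zero. Only the counter is modelled (no buffer is touched). */
unsigned unchecked_len_after(const char *keys, size_t nkeys)
{
    unsigned cur_len = 0;
    for (size_t i = 0; i < nkeys; i++) {
        if (keys[i] == '\b')
            cur_len--;   /* wraps to UINT_MAX when cur_len is 0 */
        else
            cur_len++;
    }
    return cur_len;
}

/* Hardened form: backspace on an empty buffer is ignored and input beyond
 * the buffer is dropped. Returns the final length; buf is NUL-terminated. */
size_t read_line_checked(const char *keys, size_t nkeys,
                         char *buf, size_t buf_size)
{
    size_t cur_len = 0;
    if (buf == NULL || buf_size == 0)
        return 0;
    for (size_t i = 0; i < nkeys; i++) {
        if (keys[i] == '\b') {
            if (cur_len > 0)
                cur_len--;
        } else if (cur_len + 1 < buf_size) {
            buf[cur_len++] = keys[i];
        }
    }
    buf[cur_len] = '\0';
    return cur_len;
}

int main(void)
{
    char buf[16];
    const char keys[] = "\b\b\broot";   /* constructed sample input */
    printf("unchecked counter after 3 backspaces: %u\n",
           unchecked_len_after(keys, 3));
    size_t n = read_line_checked(keys, sizeof keys - 1, buf, sizeof buf);
    printf("checked: length %zu, text \"%s\"\n", n, buf);
    return 0;
}
```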
There is no known workaround at this time.
All GRUB 2.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-boot/grub-2.02_beta2-r8"
After upgrading, make sure to run the grub2-install command with options appropriate for your system. See the GRUB2 Quick Start guide in the references below for examples. Your system will be vulnerable until this action is performed.