Via SC Magazine, researchers from the Cybersecurity Group at Polytechnic University of Valencia found an exploit in GRUB2 where pressing backspace 28 times at the login prompt causes an integer underflow that runs GRUB2’s rescue shell.

For all the gory details, you can check out the full writeup. I’m always amazed by the amount of damage that can be caused/fixed with something as simple as changing

if(key == '\b')

to

if(key == '\b' && cur_len)