CVE-2020-14308

 

Published at: - 29-07-2020 10:15

Last modified: - 18-04-2022 05:22

Total changes: - 5

Description

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://bugzilla.redhat.com/show_bug.cgi?id=1852009
• [oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities-Mailing List, Third Party Advisory
• https://security.netapp.com/advisory/ntap-20200731-0008/
• USN-4432-1-Third Party Advisory
• openSUSE-SU-2020:1169-Mailing List, Third Party Advisory
• openSUSE-SU-2020:1168-Mailing List, Third Party Advisory
• GLSA-202104-05-Third Party Advisory
• [oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list-Mailing List, Third Party Advisory
• [oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list-Mailing List, Third Party Advisory
• [oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2020-14308

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures