CVE-2020-14310

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 29-07-2020 07:00

Last modified: - 29-07-2020 07:00

Total changes: - 9

Description

CVE-2020-14310 grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

High

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

High

Integrity

High

Privileges required

Unchanged

Scope

None

User interaction

5.7

Base score

Exploitability score

Impact score

Verification logic

AND

product=fwupdate-0 AND versionEndExcluding=12-6.el7_8

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7

AND

product=grub2-1 AND versionEndExcluding=2.02-0.86.el7_8

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7

AND

product=shim-0 AND versionEndExcluding=15-7.el7_9

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7

AND

product=shim-signed-0 AND versionEndExcluding=15-7.el7_8

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7

AND

product=grub2-1 AND versionEndExcluding=2.02-0.86.el7_2

vendor=Red Hat Enterprise Linux AND product=rhel_aus AND version=7.2

AND

product=shim-0 AND versionEndExcluding=15-8.el7

vendor=Red Hat Enterprise Linux AND product=rhel_aus AND version=7.2

AND

product=shim-signed-0 AND versionEndExcluding=15-8.el7_2

vendor=Red Hat Enterprise Linux AND product=rhel_aus AND version=7.2

AND

product=grub2-1 AND versionEndExcluding=2.02-0.86.el7

vendor=Red Hat Enterprise Linux AND product=rhel_aus AND version=7.3

AND

product=shim-0 AND versionEndExcluding=15-8.el7

vendor=Red Hat Enterprise Linux AND product=rhel_aus AND version=7.3

AND

product=shim-signed-0 AND versionEndExcluding=15-8.el7_3

vendor=Red Hat Enterprise Linux AND product=rhel_aus AND version=7.3

AND

product=grub2-1 AND versionEndExcluding=2.02-0.86.el7

vendor=Red Hat Enterprise Linux AND product=rhel_tus AND version=7.3

AND

product=shim-0 AND versionEndExcluding=15-8.el7

vendor=Red Hat Enterprise Linux AND product=rhel_tus AND version=7.3

AND

product=shim-signed-0 AND versionEndExcluding=15-8.el7_3

vendor=Red Hat Enterprise Linux AND product=rhel_tus AND version=7.3

AND

product=grub2-1 AND versionEndExcluding=2.02-0.86.el7

vendor=Red Hat Enterprise Linux AND product=rhel_e4s AND version=7.3

AND

product=shim-0 AND versionEndExcluding=15-8.el7

vendor=Red Hat Enterprise Linux AND product=rhel_e4s AND version=7.3

AND

product=shim-signed-0 AND versionEndExcluding=15-8.el7_3

vendor=Red Hat Enterprise Linux AND product=rhel_e4s AND version=7.3

AND

product=fwupdate-0 AND versionEndExcluding=9-10.el7_4

vendor=Red Hat Enterprise Linux AND product=rhel_aus AND version=7.4

AND

product=grub2-1 AND versionEndExcluding=2.02-0.86.el7_4

vendor=Red Hat Enterprise Linux AND product=rhel_aus AND version=7.4

AND

product=shim-0 AND versionEndExcluding=15-8.el7

vendor=Red Hat Enterprise Linux AND product=rhel_aus AND version=7.4

AND

product=shim-signed-0 AND versionEndExcluding=15-8.el7_4

vendor=Red Hat Enterprise Linux AND product=rhel_aus AND version=7.4

AND

product=fwupdate-0 AND versionEndExcluding=9-10.el7_4

vendor=Red Hat Enterprise Linux AND product=rhel_tus AND version=7.4

AND

product=grub2-1 AND versionEndExcluding=2.02-0.86.el7_4

vendor=Red Hat Enterprise Linux AND product=rhel_tus AND version=7.4

AND

product=shim-0 AND versionEndExcluding=15-8.el7

vendor=Red Hat Enterprise Linux AND product=rhel_tus AND version=7.4

AND

product=shim-signed-0 AND versionEndExcluding=15-8.el7_4

vendor=Red Hat Enterprise Linux AND product=rhel_tus AND version=7.4

AND

product=fwupdate-0 AND versionEndExcluding=9-10.el7_4

vendor=Red Hat Enterprise Linux AND product=rhel_e4s AND version=7.4

AND

product=grub2-1 AND versionEndExcluding=2.02-0.86.el7_4

vendor=Red Hat Enterprise Linux AND product=rhel_e4s AND version=7.4

AND

product=shim-0 AND versionEndExcluding=15-8.el7

vendor=Red Hat Enterprise Linux AND product=rhel_e4s AND version=7.4

AND

product=shim-signed-0 AND versionEndExcluding=15-8.el7_4

vendor=Red Hat Enterprise Linux AND product=rhel_e4s AND version=7.4

AND

product=fwupdate-0 AND versionEndExcluding=12-6.el7_6

vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=7.6

AND

product=grub2-1 AND versionEndExcluding=2.02-0.86.el7_6

vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=7.6

AND

product=shim-0 AND versionEndExcluding=15-8.el7

vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=7.6

AND

product=shim-signed-0 AND versionEndExcluding=15-8.el7_6

vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=7.6

AND

product=fwupdate-0 AND versionEndExcluding=12-6.el7_7

vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=7.7

AND

product=grub2-1 AND versionEndExcluding=2.02-0.86.el7_7

vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=7.7

AND

product=shim-0 AND versionEndExcluding=15-8.el7

vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=7.7

AND

product=shim-signed-0 AND versionEndExcluding=15-8.el7_7

vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=7.7

AND

product=fwupd-0 AND versionEndExcluding=1.1.4-7.el8_2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=8

AND

product=grub2-1 AND versionEndExcluding=2.02-87.el8_2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=8

AND

product=shim-0 AND versionEndExcluding=15-14.el8_2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=8

AND

product=shim-unsigned-x64-0 AND versionEndExcluding=15-7.el8

vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=8

AND

product=fwupd-0 AND versionEndExcluding=1.1.4-2.el8_0

vendor=Red Hat Enterprise Linux AND product=rhel_e4s AND version=8.0

AND

product=grub2-1 AND versionEndExcluding=2.02-87.el8_0

vendor=Red Hat Enterprise Linux AND product=rhel_e4s AND version=8.0

AND

product=shim-0 AND versionEndExcluding=15-14.el8_0

vendor=Red Hat Enterprise Linux AND product=rhel_e4s AND version=8.0

AND

product=fwupd-0 AND versionEndExcluding=1.1.4-2.el8_1

vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=8.1

AND

product=grub2-1 AND versionEndExcluding=2.02-87.el8_1

vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=8.1

AND

product=shim-0 AND versionEndExcluding=15-14.el8_1

vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=8.1

AND

product=shim-unsigned-x64-0 AND versionEndExcluding=15-7.el8

vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=8.1

Reference

Keywords

CVE-2020-14310

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

REDHAT

CVE-2020-14310

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures