PT-2020-3615 · Gnu+7 · Grub2+7

Chris Coulson +1 · Published 2020-07-29 · Updated 2024-06-15 · CVE-2020-14308

CVSS v3.1: 6.4 (Medium)

Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Grub2 versions prior to 2.06

Description

The issue is related to an integer overflow in the implementation of the dynamic memory allocation function in the Grub2 operating system loader. This can lead to the function returning invalid memory allocations, potentially affecting the integrity, confidentiality, and availability of information during the boot process.

Recommendations

For Grub2 versions prior to 2.06, update to version 2.06 or later to resolve the issue. As a temporary workaround, consider restricting the use of dynamic memory allocation in the Grub2 loader until a patch is available.

Exploit

Fix

Integer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2020-3534
ALT-PU-2021-1969
ALT-PU-2021-3464
AZL-6456
BDU:2020-03955
CESA-2020_3216
CESA-2020_3217
CVE-2020-14308
DSA-4735-1
DSA-4735-2
MGASA-2021-0315
OPENSUSE-SU-2020:1168-1
OPENSUSE-SU-2020:1169-1
OPENSUSE-SU-2020_1168-1
OPENSUSE-SU-2020_1169-1
OPENSUSE-SU-2024:10824-1
RHSA-2020:3216
RHSA-2020:3217
RHSA-2020:3223
RHSA-2020:3227
RHSA-2020:3271
RHSA-2020:3273
RHSA-2020:3274
RHSA-2020:3275
RHSA-2020:3276
RHSA-2020_3216
RHSA-2020_3217
SUSE-SU-2020:14440-1
SUSE-SU-2020:2073-1
SUSE-SU-2020:2074-1
SUSE-SU-2020:2076-1
SUSE-SU-2020:2077-1
SUSE-SU-2020:2078-1
SUSE-SU-2020:2079-1
USN-4432-1
USN-4432-2

Affected Products

Alt Linux
Centos
Grub2
Linuxmint
Red Hat
Red Os
Suse
Ubuntu