PT-2020-3621 · Gnu+7 · Grub2+7

Chris Coulson · Published 2020-07-29 · Updated 2022-09-20 · CVE-2020-14309

CVSS v3.1: 6.7 Medium

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Grub2 versions prior to 2.06

Description

The issue is related to an integer overflow of the UINT32 value, which can allow an attacker to access confidential data, compromise its integrity, and cause a denial of service. Specifically, the problem occurs when handling squashfs filesystems that contain a symbolic link with a name length of UINT32 bytes, leading to an arithmetic overflow and a heap-based buffer overflow with attacker-controlled data.

Recommendations

For Grub2 versions prior to 2.06, update to version 2.06 or later to resolve the issue. As a temporary workaround, consider avoiding the use of squashfs filesystems with symbolic links that could trigger the overflow until a patch is applied. Restrict access to sensitive data handled by Grub2 to minimize the risk of exploitation.
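
The arithmetic pattern named in the description, next to a checked alternative, as an added example that is not GRUB's code and not part of the original advisory. The record layout, the function names and the `MAX_LINK_LEN` cap are assumptions made for illustration, as is the reading that the wrap comes from adding one terminator byte to the 32-bit length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LINK_LEN 4096u /* policy cap chosen for this example (assumption) */

/* Flawed pattern: the sum is done in 32 bits, so 0xFFFFFFFF + 1 wraps to 0. */
uint32_t link_alloc_size_unchecked(uint32_t namelen)
{
    return namelen + 1u;
}

/* Checked pattern: refuse any length whose "+ 1" would wrap or that
   exceeds the cap; only then report the allocation size. */
int link_alloc_size_checked(uint32_t namelen, size_t *out)
{
    if (namelen > UINT32_MAX - 1u || namelen > MAX_LINK_LEN)
        return -1;
    *out = (size_t)namelen + 1u;
    return 0;
}

/* Hardened reader for a constructed record: 4-byte little-endian name
   length followed by the name bytes. Returns a NUL-terminated copy that
   the caller frees, or NULL if the record is malformed. */
char *read_link_target(const uint8_t *rec, size_t rec_len)
{
    size_t need;
    if (rec_len < 4)
        return NULL;
    uint32_t namelen = (uint32_t)rec[0] | ((uint32_t)rec[1] << 8) |
                       ((uint32_t)rec[2] << 16) | ((uint32_t)rec[3] << 24);
    if (link_alloc_size_checked(namelen, &need) != 0 ||
        namelen > rec_len - 4) /* name must lie inside the record */
        return NULL;
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, rec + 4, namelen);
    buf[namelen] = '\0';
    return buf;
}

int main(void)
{
    static const uint8_t bad[] = {0xFF, 0xFF, 0xFF, 0xFF, 'x'}; /* constructed */
    return read_link_target(bad, sizeof bad) == NULL ? 0 : 1;
}
```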

Exploit

Fix

Integer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3534
ALT-PU-2021-1969
ALT-PU-2021-3464
AZL-6457
BDU:2020-03968
CESA-2020_3216
CESA-2020_3217
CVE-2020-14309
DSA-4735-1
DSA-4735-2
MGASA-2021-0315
OPENSUSE-SU-2020:1168-1
OPENSUSE-SU-2020:1169-1
OPENSUSE-SU-2020_1168-1
OPENSUSE-SU-2020_1169-1
RHSA-2020:3216
RHSA-2020:3217
RHSA-2020:3223
RHSA-2020:3227
RHSA-2020:3271
RHSA-2020:3273
RHSA-2020:3274
RHSA-2020:3275
RHSA-2020:3276
RHSA-2020_3216
RHSA-2020_3217
SUSE-SU-2020:14440-1
SUSE-SU-2020:2073-1
SUSE-SU-2020:2074-1
SUSE-SU-2020:2076-1
SUSE-SU-2020:2077-1
SUSE-SU-2020:2078-1
SUSE-SU-2020:2079-1
USN-4432-1
USN-4432-2

Affected Products

ALT Linux
CentOS
Grub2
Linux Mint
Red Hat
RED OS
SUSE
Ubuntu