CVE-2020-14311

CVSS v3.1

6.0

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions grub2 versions prior to 2.06

Description The issue is related to a buffer overflow when handling symbolic links in ext filesystems. An arithmetic overflow occurs when a filesystem contains a symbolic link with an inode size of UINT32 MAX, leading to a zero-sized memory allocation and a subsequent heap-based buffer overflow. This can allow an attacker to compromise data integrity or cause a denial of service.

Recommendations For grub2 versions prior to 2.06, consider updating to version 2.06 or later to resolve the issue. As a temporary workaround, restrict the use of symbolic links in ext filesystems to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-122CWE-787

Related Identifiers

ALT-PU-2020-3534

ALT-PU-2021-1969

ALT-PU-2021-3464

AZL-6459

BDU:2020-03970

CESA-2020_3216

CESA-2020_3217

CVE-2020-14311

DSA-4735-1

DSA-4735-2

MGASA-2021-0315

OPENSUSE-SU-2020:1168-1

OPENSUSE-SU-2020:1169-1

OPENSUSE-SU-2020_1168-1

OPENSUSE-SU-2020_1169-1

RHSA-2020:3216

RHSA-2020:3217

RHSA-2020:3223

RHSA-2020:3227

RHSA-2020:3271

RHSA-2020:3273

RHSA-2020:3274

RHSA-2020:3275

RHSA-2020:3276

RHSA-2020_3216

RHSA-2020_3217

SUSE-SU-2020:14440-1

SUSE-SU-2020:2073-1

SUSE-SU-2020:2074-1

SUSE-SU-2020:2076-1

SUSE-SU-2020:2077-1

SUSE-SU-2020:2078-1

SUSE-SU-2020:2079-1

USN-4432-1

USN-4432-2

Affected Products

Alt Linux

Centos

Linuxmint

Red Hat

Red Os

Suse

Ubuntu

Grub2

CVE-2020-14311

Weakness Enumeration

Related Identifiers

Affected Products

References · 85