PT-2020-3625 · Gnu+7 · Grub2+7

Chris Coulson

+1

·

Published

2020-07-29

·

Updated

2024-06-15

·

CVE-2020-15707

CVSS v3.1

6.4

Medium

VectorAV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Grub2 versions prior to 2.04
Description The issue is related to the implementation of the grub cmd initrd and grub initrd init functions in Grub2, which can be exploited by passing a large number of arguments to the initrd command on 32-bit architectures, or by using a crafted filesystem with very large files on any architecture. This can lead to a heap-based buffer overflow, allowing an attacker to execute arbitrary code, bypass UEFI Secure Boot restrictions, and compromise data confidentiality and integrity.
Recommendations For Grub2 versions prior to 2.04, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of the initrd command on 32-bit architectures to minimize the risk of exploitation. Additionally, avoid using crafted filesystems with very large files until the issue is resolved.

Exploit

Fix

Integer Overflow

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-362

Related Identifiers

ALT-PU-2020-3534
ALT-PU-2021-1969
ALT-PU-2021-3464
BDU:2020-03972
CESA-2020_3216
CESA-2020_3217
CVE-2020-15707
DSA-4735-1
DSA-4735-2
MGASA-2021-0315
OPENSUSE-SU-2020:1168-1
OPENSUSE-SU-2020:1169-1
OPENSUSE-SU-2020_1168-1
OPENSUSE-SU-2020_1169-1
OPENSUSE-SU-2024:10824-1
RHSA-2020:3216
RHSA-2020:3217
RHSA-2020:3223
RHSA-2020:3227
RHSA-2020:3271
RHSA-2020:3274
RHSA-2020:3275
RHSA-2020:3276
RHSA-2020_3216
RHSA-2020_3217
SUSE-SU-2020:14440-1
SUSE-SU-2020:2073-1
SUSE-SU-2020:2074-1
SUSE-SU-2020:2076-1
SUSE-SU-2020:2077-1
SUSE-SU-2020:2078-1
SUSE-SU-2020:2079-1
USN-4432-1
USN-4432-2

Affected Products

Alt Linux
Centos
Grub2
Linuxmint
Red Hat
Red Os
Suse
Ubuntu