openSUSE-SU-2020:1168

openSUSE-SU-2020:1169

https://bugzilla.redhat.com/show_bug.cgi?id=1852022

https://security.netapp.com/advisory/ntap-20200731-0008/

USN-4432-1

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - There's an issue with grub2 in all versions before 2.06     when handling squashfs filesystems containing a     symbolic link with name length of UINT32 bytes in size.
    The name size leads to an arithmetic overflow leading     to a zero-size allocation further causing a heap-based     buffer overflow with attacker controlled     data.(CVE-2020-14309)

  - There is an issue on grub2 before version 2.06 at     function read_section_as_string(). It expects a font     name to be at max UINT32_MAX - 1 length in bytes but it     doesn't verify it before proceed with buffer allocation     to read the value from the font value. An attacker may     leverage that by crafting a malicious font file which     has a name with UINT32_MAX, leading to     read_section_as_string() to an arithmetic overflow,     zero-sized allocation and further heap-based buffer     overflow.(CVE-2020-14310)

  - There is an issue with grub2 before version 2.06 while     handling symlink on ext filesystems. A filesystem     containing a symbolic link with an inode size of     UINT32_MAX causes an arithmetic overflow leading to a     zero-sized memory allocation with subsequent heap-based     buffer overflow.(CVE-2020-14311)

  - GRUB2 fails to validate kernel signature when booted     directly without shim, allowing secure boot to be     bypassed. This only affects systems where the kernel     signing certificate has been imported directly into the     secure boot database and the GRUB image is booted     directly without the use of shim. This issue affects     GRUB2 version 2.04 and prior versions.(CVE-2020-15705)

  - GRUB2 contains a race condition in     grub_script_function_create() leading to a     use-after-free vulnerability which can be triggered by     redefining a function whilst the same function is     already executing, leading to arbitrary code execution     and secure boot restriction bypass. This issue affects     GRUB2 version 2.04 and prior versions.(CVE-2020-15706)

  - Integer overflows were discovered in the functions     grub_cmd_initrd and grub_initrd_init in the efilinux     component of GRUB2, as shipped in Debian, Red Hat, and     Ubuntu (the functionality is not included in GRUB2     upstream), leading to a heap-based buffer overflow.
    These could be triggered by an extremely large number     of arguments to the initrd command on 32-bit     architectures, or a crafted filesystem with very large     files on any architecture. An attacker could use this     to execute arbitrary code and bypass UEFI Secure Boot     restrictions. This issue affects GRUB2 version 2.04 and     prior versions.(CVE-2020-15707)

  - In grub2 versions before 2.06 the grub memory allocator     doesn't check for possible arithmetic overflows on the     requested allocation size. This leads the function to     return invalid memory allocations which can be further     used to cause possible integrity, confidentiality and     availability impacts during the boot     process.(CVE-2020-14308)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for grub2 fixes the following issues :

  - Fix for CVE-2020-10713 (bsc#1168994)

  - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310,     CVE-2020-14311 (bsc#1173812)

  - Fix for CVE-2020-15706 (bsc#1174463)

  - Fix for CVE-2020-15707 (bsc#1174570)

  - Use overflow checking primitives where the arithmetic     expression for buffer

  - Use grub_calloc for overflow check and return NULL when     it would occur 

This update was imported from the SUSE:SLE-15-SP2:Update update project.

This update for grub2 fixes the following issues :

  - CVE-2020-10713 (bsc#1168994)

  - CVE-2020-14308 CVE-2020-14309, CVE-2020-14310,     CVE-2020-14311 (bsc#1173812)

  - CVE-2020-15706 (bsc#1174463)

  - CVE-2020-15707 (bsc#1174570)

  - Use overflow checking primitives where the arithmetic     expression for buffer allocations may include     unvalidated data

  - Use grub_calloc for overflow check and return NULL when     it would occur 

This update was imported from the SUSE:SLE-15-SP1:Update update project.

USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems (either pre-UEFI or UEFI configured in Legacy mode), preventing them from successfully booting. This update addresses the issue. Users with BIOS systems that installed GRUB2 versions from USN-4432-1 should verify that their GRUB2 installation has a correct understanding of their boot device location and installed the boot loader correctly. We apologize for the inconvenience.

Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15706) Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems or font files, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, CVE-2020-14310, CVE-2020-14311) It was discovered that the memory allocator for GRUB2 did not validate allocation size, resulting in multiple integer overflows and heap-based buffer overflows when handling certain filesystems, PNG images or disk metadata. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14308) Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions.
(CVE-2020-15705) Colin Watson and Chris Coulson discovered that an integer overflow existed in GRUB2 when handling the initrd command, leading to a heap-based buffer overflow. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15707).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3274 advisory.

  - grub2: Crafted grub.cfg file can lead to arbitrary code     execution during boot process (CVE-2020-10713)

  - grub2: grub_malloc does not validate allocation size     allowing for arithmetic overflow and subsequent heap-     based buffer overflow (CVE-2020-14308)

  - grub2: Integer overflow in grub_squash_read_symlink may     lead to heap-based buffer overflow (CVE-2020-14309)

  - grub2: Integer overflow read_section_as_string may lead     to heap-based buffer overflow (CVE-2020-14310)

  - grub2: Integer overflow in grub_ext2_read_link leads to     heap-based buffer overflow (CVE-2020-14311)

  - grub2: Fail kernel validation without shim protocol     (CVE-2020-15705)

  - grub2: Use-after-free redefining a function whilst the     same function is already executing (CVE-2020-15706)

  - grub2: Integer overflow in initrd size handling     (CVE-2020-15707)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3271 advisory.

  - grub2: Crafted grub.cfg file can lead to arbitrary code     execution during boot process (CVE-2020-10713)

  - grub2: grub_malloc does not validate allocation size     allowing for arithmetic overflow and subsequent heap-     based buffer overflow (CVE-2020-14308)

  - grub2: Integer overflow in grub_squash_read_symlink may     lead to heap-based buffer overflow (CVE-2020-14309)

  - grub2: Integer overflow read_section_as_string may lead     to heap-based buffer overflow (CVE-2020-14310)

  - grub2: Integer overflow in grub_ext2_read_link leads to     heap-based buffer overflow (CVE-2020-14311)

  - grub2: Fail kernel validation without shim protocol     (CVE-2020-15705)

  - grub2: Use-after-free redefining a function whilst the     same function is already executing (CVE-2020-15706)

  - grub2: Integer overflow in initrd size handling     (CVE-2020-15707)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3276 advisory.

  - grub2: Crafted grub.cfg file can lead to arbitrary code     execution during boot process (CVE-2020-10713)

  - grub2: grub_malloc does not validate allocation size     allowing for arithmetic overflow and subsequent heap-     based buffer overflow (CVE-2020-14308)

  - grub2: Integer overflow in grub_squash_read_symlink may     lead to heap-based buffer overflow (CVE-2020-14309)

  - grub2: Integer overflow read_section_as_string may lead     to heap-based buffer overflow (CVE-2020-14310)

  - grub2: Integer overflow in grub_ext2_read_link leads to     heap-based buffer overflow (CVE-2020-14311)

  - grub2: Fail kernel validation without shim protocol     (CVE-2020-15705)

  - grub2: Use-after-free redefining a function whilst the     same function is already executing (CVE-2020-15706)

  - grub2: Integer overflow in initrd size handling     (CVE-2020-15707)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3273 advisory.

  - grub2: Crafted grub.cfg file can lead to arbitrary code     execution during boot process (CVE-2020-10713)

  - grub2: grub_malloc does not validate allocation size     allowing for arithmetic overflow and subsequent heap-     based buffer overflow (CVE-2020-14308)

  - grub2: Integer overflow in grub_squash_read_symlink may     lead to heap-based buffer overflow (CVE-2020-14309)

  - grub2: Integer overflow read_section_as_string may lead     to heap-based buffer overflow (CVE-2020-14310)

  - grub2: Integer overflow in grub_ext2_read_link leads to     heap-based buffer overflow (CVE-2020-14311)

  - grub2: Fail kernel validation without shim protocol     (CVE-2020-15705)

  - grub2: Use-after-free redefining a function whilst the     same function is already executing (CVE-2020-15706)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3275 advisory.

  - grub2: Crafted grub.cfg file can lead to arbitrary code     execution during boot process (CVE-2020-10713)

  - grub2: grub_malloc does not validate allocation size     allowing for arithmetic overflow and subsequent heap-     based buffer overflow (CVE-2020-14308)

  - grub2: Integer overflow in grub_squash_read_symlink may     lead to heap-based buffer overflow (CVE-2020-14309)

  - grub2: Integer overflow read_section_as_string may lead     to heap-based buffer overflow (CVE-2020-14310)

  - grub2: Integer overflow in grub_ext2_read_link leads to     heap-based buffer overflow (CVE-2020-14311)

  - grub2: Fail kernel validation without shim protocol     (CVE-2020-15705)

  - grub2: Use-after-free redefining a function whilst the     same function is already executing (CVE-2020-15706)

  - grub2: Integer overflow in initrd size handling     (CVE-2020-15707)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the grub2 package has been released.

The remote Windows host is missing an update to the Secure Boot DBX. It is, therefore, affected by multiple vulnerabilities:

  - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and     tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In     order to load an untrusted or modified kernel, an attacker would first need to establish access to the     system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote     access to a networked system with root access. With this access, an attacker could then craft a string to     cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within     GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as     system availability. (CVE-2020-10713)

  - In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows     on the requested allocation size. This leads the function to return invalid memory allocations which can     be further used to cause possible integrity, confidentiality and availability impacts during the boot     process. (CVE-2020-14308)

  - GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be     bypassed. This only affects systems where the kernel signing certificate has been imported directly into     the secure boot database and the GRUB image is booted directly without the use of shim. This issue     affects GRUB2 version 2.04 and prior versions. (CVE-2020-15705)

Additionally, the host is affected by several other security feature bypasses in Secure Boot.

Note: Tenable is testing for the presence of the expected signatures added in the DBX update referenced in the vendor advisory.

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3217 advisory.

  - grub2: Crafted grub.cfg file can lead to arbitrary code     execution during boot process (CVE-2020-10713)

  - grub2: grub_malloc does not validate allocation size     allowing for arithmetic overflow and subsequent heap-     based buffer overflow (CVE-2020-14308)

  - grub2: Integer overflow in grub_squash_read_symlink may     lead to heap-based buffer overflow (CVE-2020-14309)

  - grub2: Integer overflow read_section_as_string may lead     to heap-based buffer overflow (CVE-2020-14310)

  - grub2: Integer overflow in grub_ext2_read_link leads to     heap-based buffer overflow (CVE-2020-14311)

  - grub2: Fail kernel validation without shim protocol     (CVE-2020-15705)

  - grub2: Use-after-free redefining a function whilst the     same function is already executing (CVE-2020-15706)

  - grub2: Integer overflow in initrd size handling     (CVE-2020-15707)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3217 advisory.

  - grub2: Crafted grub.cfg file can lead to arbitrary code     execution during boot process (CVE-2020-10713)

  - grub2: grub_malloc does not validate allocation size     allowing for arithmetic overflow and subsequent heap-     based buffer overflow (CVE-2020-14308)

  - grub2: Integer overflow in grub_squash_read_symlink may     lead to heap-based buffer overflow (CVE-2020-14309)

  - grub2: Integer overflow read_section_as_string may lead     to heap-based buffer overflow (CVE-2020-14310)

  - grub2: Integer overflow in grub_ext2_read_link leads to     heap-based buffer overflow (CVE-2020-14311)

  - grub2: Fail kernel validation without shim protocol     (CVE-2020-15705)

  - grub2: Use-after-free redefining a function whilst the     same function is already executing (CVE-2020-15706)

  - grub2: Integer overflow in initrd size handling     (CVE-2020-15707)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3216 advisory.

  - grub2: Crafted grub.cfg file can lead to arbitrary code     execution during boot process (CVE-2020-10713)

  - grub2: grub_malloc does not validate allocation size     allowing for arithmetic overflow and subsequent heap-     based buffer overflow (CVE-2020-14308)

  - grub2: Integer overflow in grub_squash_read_symlink may     lead to heap-based buffer overflow (CVE-2020-14309)

  - grub2: Integer overflow read_section_as_string may lead     to heap-based buffer overflow (CVE-2020-14310)

  - grub2: Integer overflow in grub_ext2_read_link leads to     heap-based buffer overflow (CVE-2020-14311)

  - grub2: Fail kernel validation without shim protocol     (CVE-2020-15705)

  - grub2: Use-after-free redefining a function whilst the     same function is already executing (CVE-2020-15706)

  - grub2: Integer overflow in initrd size handling     (CVE-2020-15707)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3223 advisory.

  - grub2: Crafted grub.cfg file can lead to arbitrary code     execution during boot process (CVE-2020-10713)

  - grub2: grub_malloc does not validate allocation size     allowing for arithmetic overflow and subsequent heap-     based buffer overflow (CVE-2020-14308)

  - grub2: Integer overflow in grub_squash_read_symlink may     lead to heap-based buffer overflow (CVE-2020-14309)

  - grub2: Integer overflow read_section_as_string may lead     to heap-based buffer overflow (CVE-2020-14310)

  - grub2: Integer overflow in grub_ext2_read_link leads to     heap-based buffer overflow (CVE-2020-14311)

  - grub2: Fail kernel validation without shim protocol     (CVE-2020-15705)

  - grub2: Use-after-free redefining a function whilst the     same function is already executing (CVE-2020-15706)

  - grub2: Integer overflow in initrd size handling     (CVE-2020-15707)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3227 advisory.

  - grub2: Crafted grub.cfg file can lead to arbitrary code     execution during boot process (CVE-2020-10713)

  - grub2: grub_malloc does not validate allocation size     allowing for arithmetic overflow and subsequent heap-     based buffer overflow (CVE-2020-14308)

  - grub2: Integer overflow in grub_squash_read_symlink may     lead to heap-based buffer overflow (CVE-2020-14309)

  - grub2: Integer overflow read_section_as_string may lead     to heap-based buffer overflow (CVE-2020-14310)

  - grub2: Integer overflow in grub_ext2_read_link leads to     heap-based buffer overflow (CVE-2020-14311)

  - grub2: Fail kernel validation without shim protocol     (CVE-2020-15705)

  - grub2: Use-after-free redefining a function whilst the     same function is already executing (CVE-2020-15706)

  - grub2: Integer overflow in initrd size handling     (CVE-2020-15707)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15706) Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems or font files, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, CVE-2020-14310, CVE-2020-14311) It was discovered that the memory allocator for GRUB2 did not validate allocation size, resulting in multiple integer overflows and heap-based buffer overflows when handling certain filesystems, PNG images or disk metadata. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14308) Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions.
(CVE-2020-15705) Colin Watson and Chris Coulson discovered that an integer overflow existed in GRUB2 when handling the initrd command, leading to a heap-based buffer overflow. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15707).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for grub2 fixes the following issues :

Fix for CVE-2020-10713 (bsc#1168994)

Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)

Fix for CVE-2020-15706 (bsc#1174463)

Fix for CVE-2020-15707 (bsc#1174570)

Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data

Use grub_calloc for overflow check and return NULL when it would occur

Use gcc-9 compiler for overflow check builtins

Backport gcc-9 build fixes

Fix packed-not-aligned error on GCC 8 (bsc#1084632)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for grub2 fixes the following issues :

Fix for CVE-2020-10713 (bsc#1168994)

Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)

Fix for CVE-2020-15706 (bsc#1174463)

Fix for CVE-2020-15707 (bsc#1174570)

Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data

Use grub_calloc for overflow check and return NULL when it would occur

Use gcc-9 compiler for overflow check builtins

Backport gcc-9 build fixes

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for grub2 fixes the following issues :

CVE-2020-10713 (bsc#1168994)

CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)

CVE-2020-15706 (bsc#1174463)

CVE-2020-15707 (bsc#1174570)

Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data

Use grub_calloc for overflow check and return NULL when it would occur

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for grub2 fixes the following issues :

Fix for CVE-2020-10713 (bsc#1168994)

Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)

Fix for CVE-2020-15706 (bsc#1174463)

Fix for CVE-2020-15707 (bsc#1174570)

Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data

Use gcc-9 compiler for overflow check builtins

Backport gcc-9 build fixes

Fix packed-not-aligned error on GCC 8 (bsc#1084632)

Backport gcc-7 build fixes

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for grub2 fixes the following issues :

Fix for CVE-2020-10713 (bsc#1168994)

Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)

Fix for CVE-2020-15706 (bsc#1174463)

Fix for CVE-2020-15707 (bsc#1174570)

Use overflow checking primitives where the arithmetic expression for buffer

Use grub_calloc for overflow check and return NULL when it would occur

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Description of changes:

[2.02-82.0.2.el8_2.1]
- Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072]
- Update signing certificate for efi binaries

Description of changes:

[2.02-81.0.3]
- Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072]
- Update signing certificate for efi binaries

Several vulnerabilities have been discovered in the GRUB2 bootloader.

  - CVE-2020-10713     A flaw in the grub.cfg parsing code was found allowing     to break UEFI Secure Boot and load arbitrary code.
    Details can be found at     https://www.eclypsium.com/2020/07/29/theres-a-hole-in-th     e-boot/

  - CVE-2020-14308     It was discovered that grub_malloc does not validate the     allocation size allowing for arithmetic overflow and     subsequently a heap-based buffer overflow.

  - CVE-2020-14309     An integer overflow in grub_squash_read_symlink may lead     to a heap based buffer overflow.

  - CVE-2020-14310     An integer overflow in read_section_from_string may lead     to a heap based buffer overflow.

  - CVE-2020-14311     An integer overflow in grub_ext2_read_link may lead to a     heap-based buffer overflow.

  - CVE-2020-15706     script: Avoid a use-after-free when redefining a     function during execution.

  - CVE-2020-15707     An integer overflow flaw was found in the initrd size     handling.

Further detailed information can be found at https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot

ID	Name	Product	Family	Severity
139956	EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2020-1853)	Nessus	Huawei Local Security Checks	medium
139449	openSUSE Security Update : grub2 (openSUSE-2020-1169)	Nessus	SuSE Local Security Checks	medium
139448	openSUSE Security Update : grub2 (openSUSE-2020-1168)	Nessus	SuSE Local Security Checks	medium
139365	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : GRUB2 regression (USN-4432-2)	Nessus	Ubuntu Local Security Checks	medium
139294	RHEL 7 : grub2 (RHSA-2020:3274)	Nessus	Red Hat Local Security Checks	medium
139288	RHEL 7 : grub2 (RHSA-2020:3271)	Nessus	Red Hat Local Security Checks	medium
139287	RHEL 7 : grub2 (RHSA-2020:3276)	Nessus	Red Hat Local Security Checks	medium
139284	RHEL 7 : grub2 (RHSA-2020:3273)	Nessus	Red Hat Local Security Checks	medium
139283	RHEL 7 : grub2 (RHSA-2020:3275)	Nessus	Red Hat Local Security Checks	medium
139243	Photon OS 2.0: Grub2 PHSA-2020-2.0-0267	Nessus	PhotonOS Local Security Checks	medium
139242	Photon OS 1.0: Grub2 PHSA-2020-1.0-0311	Nessus	PhotonOS Local Security Checks	medium
139239	Windows Security Feature Bypass in Secure Boot (BootHole)	Nessus	Windows	medium
139236	CentOS 7 : grub2 (CESA-2020:3217)	Nessus	CentOS Local Security Checks	medium
139198	RHEL 7 : grub2 (RHSA-2020:3217)	Nessus	Red Hat Local Security Checks	medium
139194	RHEL 8 : grub2 (RHSA-2020:3216)	Nessus	Red Hat Local Security Checks	medium
139193	RHEL 8 : grub2 (RHSA-2020:3223)	Nessus	Red Hat Local Security Checks	medium
139192	RHEL 8 : grub2 (RHSA-2020:3227)	Nessus	Red Hat Local Security Checks	medium
139179	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : GRUB 2 vulnerabilities (USN-4432-1)	Nessus	Ubuntu Local Security Checks	medium
139178	SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2079-1)	Nessus	SuSE Local Security Checks	medium
139177	SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2078-1)	Nessus	SuSE Local Security Checks	medium
139176	SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2077-1)	Nessus	SuSE Local Security Checks	medium
139175	SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2076-1)	Nessus	SuSE Local Security Checks	medium
139174	SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2074-1)	Nessus	SuSE Local Security Checks	medium
139173	SUSE SLES15 Security Update : grub2 (SUSE-SU-2020:2073-1)	Nessus	SuSE Local Security Checks	medium
139165	Oracle Linux 8 : grub2 (ELSA-2020-5786)	Nessus	Oracle Linux Local Security Checks	high
139164	Oracle Linux 7 : grub2 (ELSA-2020-5782)	Nessus	Oracle Linux Local Security Checks	high
139099	Debian DSA-4735-1 : grub2 - security update	Nessus	Debian Local Security Checks	medium

CVE-2020-14309

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins