CVE-2020-14310

LOW

Description

There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14310

https://usn.ubuntu.com/4432-1/

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html

https://security.gentoo.org/glsa/202104-05

Details

Source: MITRE

Published: 2020-07-31

Updated: 2021-05-01

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 6

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Impact Score: 5.2

Exploitability Score: 0.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*

Tenable Plugins

View all (32 total)

IDNameProductFamilySeverity
149217GLSA-202104-05 : GRUB: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
147445EulerOS Virtualization 2.9.1 : grub2 (EulerOS-SA-2021-1601)NessusHuawei Local Security Checks
medium
147274NewStart CGSL CORE 5.04 / MAIN 5.04 : grub2 Multiple Vulnerabilities (NS-SA-2021-0008)NessusNewStart CGSL Local Security Checks
medium
146030CentOS 8 : grub2 (CESA-2020:3216)NessusCentOS Local Security Checks
medium
140948EulerOS Virtualization for ARM 64 3.0.6.0 : grub2 (EulerOS-SA-2020-2000)NessusHuawei Local Security Checks
medium
139956EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2020-1853)NessusHuawei Local Security Checks
medium
139449openSUSE Security Update : grub2 (openSUSE-2020-1169)NessusSuSE Local Security Checks
medium
139448openSUSE Security Update : grub2 (openSUSE-2020-1168)NessusSuSE Local Security Checks
medium
139365Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : GRUB2 regression (USN-4432-2)NessusUbuntu Local Security Checks
medium
139294RHEL 7 : grub2 (RHSA-2020:3274)NessusRed Hat Local Security Checks
medium
139288RHEL 7 : grub2 (RHSA-2020:3271)NessusRed Hat Local Security Checks
medium
139287RHEL 7 : grub2 (RHSA-2020:3276)NessusRed Hat Local Security Checks
medium
139284RHEL 7 : grub2 (RHSA-2020:3273)NessusRed Hat Local Security Checks
medium
139283RHEL 7 : grub2 (RHSA-2020:3275)NessusRed Hat Local Security Checks
medium
139243Photon OS 2.0: Grub2 PHSA-2020-2.0-0267NessusPhotonOS Local Security Checks
medium
139242Photon OS 1.0: Grub2 PHSA-2020-1.0-0311NessusPhotonOS Local Security Checks
medium
139239Windows Security Feature Bypass in Secure Boot (BootHole)NessusWindows
medium
139236CentOS 7 : grub2 (CESA-2020:3217)NessusCentOS Local Security Checks
medium
139198RHEL 7 : grub2 (RHSA-2020:3217)NessusRed Hat Local Security Checks
medium
139194RHEL 8 : grub2 (RHSA-2020:3216)NessusRed Hat Local Security Checks
medium
139193RHEL 8 : grub2 (RHSA-2020:3223)NessusRed Hat Local Security Checks
medium
139192RHEL 8 : grub2 (RHSA-2020:3227)NessusRed Hat Local Security Checks
medium
139179Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : GRUB 2 vulnerabilities (USN-4432-1)NessusUbuntu Local Security Checks
medium
139178SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2079-1)NessusSuSE Local Security Checks
medium
139177SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2078-1)NessusSuSE Local Security Checks
medium
139176SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2077-1)NessusSuSE Local Security Checks
medium
139175SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2076-1)NessusSuSE Local Security Checks
medium
139174SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2074-1)NessusSuSE Local Security Checks
medium
139173SUSE SLES15 Security Update : grub2 (SUSE-SU-2020:2073-1)NessusSuSE Local Security Checks
medium
139165Oracle Linux 8 : grub2 (ELSA-2020-5786)NessusOracle Linux Local Security Checks
high
139164Oracle Linux 7 : grub2 (ELSA-2020-5782)NessusOracle Linux Local Security Checks
high
139099Debian DSA-4735-1 : grub2 - security updateNessusDebian Local Security Checks
medium