Alpine: multiple grub packages: security update to 2.06-r0

high Tenable Self-Hosted Container Security Plugin ID 423933

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs
a length calculation on the assumption that expressing a quoted single quote will require 3 characters,
while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each
quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as
well as system availability. (CVE-2021-20233)

- A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper
the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to
load an untrusted or modified kernel, an attacker would first need to establish access to the system such
as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a
networked system with root access. With this access, an attacker could then craft a string to cause a
buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The
highest threat from this vulnerability is to data confidentiality and integrity as well as system
availability. (CVE-2020-10713)

- In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on
the requested allocation size. This leads the function to return invalid memory allocations which can be
further used to cause possible integrity, confidentiality and availability impacts during the boot
process. (CVE-2020-14308)

- There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a
symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow
leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled
data. (CVE-2020-14309)

- There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font
name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer
allocation to read the value from the font value. An attacker may leverage that by crafting a malicious
font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow,
zero-sized allocation and further heap-based buffer overflow. (CVE-2020-14310)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-10713

https://security.alpinelinux.org/vuln/CVE-2020-14308

https://security.alpinelinux.org/vuln/CVE-2020-14309

https://security.alpinelinux.org/vuln/CVE-2020-14310

https://security.alpinelinux.org/vuln/CVE-2020-14311

https://security.alpinelinux.org/vuln/CVE-2020-14372

https://security.alpinelinux.org/vuln/CVE-2020-15705

https://security.alpinelinux.org/vuln/CVE-2020-15706

https://security.alpinelinux.org/vuln/CVE-2020-15707

https://security.alpinelinux.org/vuln/CVE-2020-25632

https://security.alpinelinux.org/vuln/CVE-2020-25647

https://security.alpinelinux.org/vuln/CVE-2020-27749

https://security.alpinelinux.org/vuln/CVE-2020-27779

https://security.alpinelinux.org/vuln/CVE-2021-20225

https://security.alpinelinux.org/vuln/CVE-2021-20233

https://security.alpinelinux.org/vuln/CVE-2021-3418

Plugin Details

Severity: High

ID: 423933

Version: Revision 1.8

Type: Local

Published: 4/4/2025

Updated: 7/29/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: High

Score: 7

Percentile: 98.31

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-20233

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/29/2020

Reference Information

CVE: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-14372, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, CVE-2021-3418

IAVA: 2020-A-0349