Debian DSA-4735-1 : grub2 - security update

Medium Nessus Plugin ID 139099


The remote Debian host is missing a security-related update.


Several vulnerabilities have been discovered in the GRUB2 bootloader.

- CVE-2020-10713 A flaw in the grub.cfg parsing code was found allowing to break UEFI Secure Boot and load arbitrary code.
Details can be found at e-boot/

- CVE-2020-14308 It was discovered that grub_malloc does not validate the allocation size allowing for arithmetic overflow and subsequently a heap-based buffer overflow.

- CVE-2020-14309 An integer overflow in grub_squash_read_symlink may lead to a heap based buffer overflow.

- CVE-2020-14310 An integer overflow in read_section_from_string may lead to a heap based buffer overflow.

- CVE-2020-14311 An integer overflow in grub_ext2_read_link may lead to a heap-based buffer overflow.

- CVE-2020-15706 script: Avoid a use-after-free when redefining a function during execution.

- CVE-2020-15707 An integer overflow flaw was found in the initrd size handling.

Further detailed information can be found at


Upgrade the grub2 packages.

For the stable distribution (buster), these problems have been fixed in version 2.02+dfsg1-20+deb10u1.

See Also

Plugin Details

Severity: Medium

ID: 139099

File Name: debian_DSA-4735.nasl

Version: 1.6

Type: local

Agent: unix

Published: 2020/07/30

Updated: 2020/09/24

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2020-14309

CVSS v2.0

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 6.7

Temporal Score: 5.8

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:grub2, cpe:/o:debian:debian_linux:10.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/07/29

Vulnerability Publication Date: 2020/07/29

Reference Information

CVE: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15706, CVE-2020-15707

DSA: 4735

IAVA: 2020-A-0349