6
CVSSv3

CVE-2020-14310

Published: 31/07/2020 Updated: 21/11/2024

Vulnerability Summary

There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnu grub2

redhat enterprise linux 7.0

redhat enterprise linux 8.0

redhat enterprise linux eus 8.1

redhat enterprise linux eus 8.2

redhat enterprise linux server aus 8.2

redhat enterprise linux server tus 8.2

opensuse leap 15.1

opensuse leap 15.2

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

Vendor Advisories

Several vulnerabilities have been discovered in the GRUB2 bootloader CVE-2020-10713 A flaw in the grubcfg parsing code was found allowing to break UEFI Secure Boot and load arbitrary code Details can be found at wwweclypsiumcom/2020/07/29/theres-a-hole-in-the-boot/ CVE-2020-14308 It was discovered that grub_malloc does ...
Synopsis Moderate: grub2 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Mo ...
Synopsis Moderate: grub2 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, and shim-signed is now available for Red Hat Enterprise Linux 72 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A ...
Synopsis Moderate: grub2 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, and shim-signed is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux ...
Synopsis Moderate: grub2 security update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, shim-unsigned-x64, and fwupd is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A ...
Synopsis Moderate: grub2 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabi ...
Synopsis Moderate: grub2 security update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, shim-unsigned-x64, and fwupd is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scor ...
Synopsis Moderate: grub2 security and bug fix update Type / Sévérité Security Advisory: Moderate Sujet An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 77 Extended Update SupportRed Hat Product Security has rated this update as having a security impact ...
Synopsis Moderate: grub2 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterpr ...
Synopsis Moderate: grub2 security update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, and fwupd is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common V ...
HP has been informed of a potential security vulnerability in GRUB2 bootloaders commonly used by Linux This vulnerability, known as “There’s a Hole in the Boot” (also nicknamed “BootHole”), could allow bypass of UEFI Secure Boot and allow arbitrary code execution Additional GRUB2 vulnerabilities found in response to the initial report ...
HP has been informed of a potential security vulnerability in GRUB2 bootloaders commonly used by Linux This vulnerability, known as “There’s a Hole in the Boot” (also nicknamed “BootHole”), could allow bypass of UEFI Secure Boot and allow arbitrary code execution Additional GRUB2 vulnerabilities found in response to the initial report ...

ICS Advisories

Hitachi Energy APM Edge
Critical Infrastructure Sectors: Energy

Mailing Lists

[This message expands slightly on the post to the distros list on 2020-07-20] Hello All, There are several CVEs both in GRUB2 and the Linux kernel (details below) that compromise UEFI Secure boot and kernel lockdown * These bugs allow unsigned code to be booted and run on hardware configured to prevent that * Affected vendors will be pu ...

Github Repositories

FreeBSD grub-bhyve bootloader virtual machine escapes – [CVE-2020-10565, CVE-2020-10566] Introduction FreeBSD bhyve does not have legacy BIOS emulation [1] to start a VM using the full boot process As an alternative to BIOS emulation, a userspace bootloader running as host process directly loads the kernel image into the guest memory, initializes the registers, sets up t