6
CVSSv3

CVE-2020-14311

Published: 31/07/2020 Updated: 07/11/2023
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6 | Impact Score: 5.2 | Exploitability Score: 0.8
VMScore: 325
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnu grub2

redhat enterprise linux 7.0

redhat enterprise linux 8.0

redhat enterprise linux eus 8.1

redhat enterprise linux eus 8.2

redhat enterprise linux server tus 8.2

redhat enterprise linux server aus 8.2

opensuse leap 15.1

opensuse leap 15.2

canonical ubuntu linux 18.04

canonical ubuntu linux 14.04

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

Vendor Advisories

Several vulnerabilities have been discovered in the GRUB2 bootloader CVE-2020-10713 A flaw in the grubcfg parsing code was found allowing to break UEFI Secure Boot and load arbitrary code Details can be found at wwweclypsiumcom/2020/07/29/theres-a-hole-in-the-boot/ CVE-2020-14308 It was discovered that grub_malloc does ...
Synopsis Moderate: grub2 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, and shim-signed is now available for Red Hat Enterprise Linux 72 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A ...
Synopsis Moderate: grub2 security and bug fix update Type / Sévérité Security Advisory: Moderate Sujet An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 77 Extended Update SupportRed Hat Product Security has rated this update as having a security impact ...
Synopsis Moderate: grub2 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, and shim-signed is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux ...
Synopsis Moderate: grub2 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterpr ...
Synopsis Moderate: grub2 security update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, and fwupd is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common V ...
Synopsis Moderate: grub2 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Mo ...
Synopsis Moderate: grub2 security update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, shim-unsigned-x64, and fwupd is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A ...
Synopsis Moderate: grub2 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabi ...
Synopsis Moderate: grub2 security update Type/Severity Security Advisory: Moderate Topic An update for grub2, shim, shim-unsigned-x64, and fwupd is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scor ...
HP has been informed of a potential security vulnerability in GRUB2 bootloaders commonly used by Linux This vulnerability, known as “There’s a Hole in the Boot” (also nicknamed “BootHole”), could allow bypass of UEFI Secure Boot and allow arbitrary code execution Additional GRUB2 vulnerabilities found in response to the initial report ...
HP has been informed of a potential security vulnerability in GRUB2 bootloaders commonly used by Linux This vulnerability, known as “There’s a Hole in the Boot” (also nicknamed “BootHole”), could allow bypass of UEFI Secure Boot and allow arbitrary code execution Additional GRUB2 vulnerabilities found in response to the initial report ...

ICS Advisories

Hitachi Energy APM Edge
Critical Infrastructure Sectors: Energy

Mailing Lists

<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Containers-optimized OS (COS) membership in the linux-distros list <!--X-Subject-Header-End--> <!--X-Head-of-Message--> ...
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> multiple secure boot grub2 and linux kernel vulnerabilities <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: John ...
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Containers-optimized OS (COS) membership in the linux-distros list <!--X-Subject-Header-End--> <!--X-Head-of-Message--> ...