CVE-2020-14308 - Vulnerability Details

CVE-2020-14308 - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnu	Grub2
Opensuse	Leap
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

Configuration 1 [-]

cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:opensuse:leap:15.2:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
fwupdate-0:12-6.el7_8	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3217	2020-07-29T00:00:00Z
grub2-1:2.02-0.86.el7_8	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3217	2020-07-29T00:00:00Z
shim-0:15-7.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3217	2020-07-29T00:00:00Z
shim-signed-0:15-7.el7_8	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3217	2020-07-29T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
grub2-1:2.02-0.86.el7_2	cpe:/o:redhat:rhel_aus:7.2	RHSA-2020:3273	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_aus:7.2	RHSA-2020:3273	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_2	cpe:/o:redhat:rhel_aus:7.2	RHSA-2020:3273	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
grub2-1:2.02-0.86.el7	cpe:/o:redhat:rhel_aus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_aus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_3	cpe:/o:redhat:rhel_aus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.3 Telco Extended Update Support
grub2-1:2.02-0.86.el7	cpe:/o:redhat:rhel_tus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_tus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_3	cpe:/o:redhat:rhel_tus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
grub2-1:2.02-0.86.el7	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_3	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
fwupdate-0:9-10.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.4 Telco Extended Update Support
fwupdate-0:9-10.el7_4	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_4	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_4	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
fwupdate-0:9-10.el7_4	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_4	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_4	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.6 Extended Update Support
fwupdate-0:12-6.el7_6	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:3271	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_6	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:3271	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:3271	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_6	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:3271	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.7 Extended Update Support
fwupdate-0:12-6.el7_7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:3274	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:3274	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:3274	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:3274	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 8
fwupd-0:1.1.4-7.el8_2	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3216	2020-07-29T00:00:00Z
grub2-1:2.02-87.el8_2	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3216	2020-07-29T00:00:00Z
shim-0:15-14.el8_2	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3216	2020-07-29T00:00:00Z
shim-unsigned-x64-0:15-7.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3216	2020-07-29T00:00:00Z
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
fwupd-0:1.1.4-2.el8_0	cpe:/o:redhat:rhel_e4s:8.0	RHSA-2020:3227	2020-07-29T00:00:00Z
grub2-1:2.02-87.el8_0	cpe:/o:redhat:rhel_e4s:8.0	RHSA-2020:3227	2020-07-29T00:00:00Z
shim-0:15-14.el8_0	cpe:/o:redhat:rhel_e4s:8.0	RHSA-2020:3227	2020-07-29T00:00:00Z
Red Hat Enterprise Linux 8.1 Extended Update Support
fwupd-0:1.1.4-2.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2020:3223	2020-07-29T00:00:00Z
grub2-1:2.02-87.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2020:3223	2020-07-29T00:00:00Z
shim-0:15-14.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2020:3223	2020-07-29T00:00:00Z
shim-unsigned-x64-0:15-7.el8	cpe:/o:redhat:rhel_eus:8.1	RHSA-2020:3223	2020-07-29T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
http://www.openwall.com/lists/oss-security/2020/07/29/3
http://www.openwall.com/lists/oss-security/2021/09/17/2
http://www.openwall.com/lists/oss-security/2021/09/17/4
http://www.openwall.com/lists/oss-security/2021/09/21/1
https://bugzilla.redhat.com/show_bug.cgi?id=1852009
https://nvd.nist.gov/vuln/detail/CVE-2020-14308
https://security.gentoo.org/glsa/202104-05
https://security.netapp.com/advisory/ntap-20200731-0008/
https://usn.ubuntu.com/4432-1/
https://www.cve.org/CVERecord?id=CVE-2020-14308

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-07-29T19:03:41

Updated: 2024-08-04T12:39:36.360Z

Reserved: 2020-06-17T00:00:00

Link: CVE-2020-14308

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-07-29T20:15:12.397

Modified: 2024-11-21T05:02:58.490

Link: CVE-2020-14308

Redhat

Severity : Moderate

Publid Date: 2020-07-29T17:00:00Z

Links: CVE-2020-14308 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Grub", "vendor": "n/a", "versions": [{"status": "affected", "version": "All grub2 versions before 2.06"}]}], "descriptions": [{"lang": "en", "value": "In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process."}], "problemTypes": [{"descriptions": [{"description": "Integer Overflow or Wraparound leading to Heap-based Buffer Overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-21T11:06:24", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009"}, {"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"name": "USN-4432-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4432-1/"}, {"name": "openSUSE-SU-2020:1169", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"name": "openSUSE-SU-2020:1168", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"name": "GLSA-202104-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202104-05"}, {"name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"}, {"name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"}, {"name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-14308", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Grub", "version": {"version_data": [{"version_value": "All grub2 versions before 2.06"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Integer Overflow or Wraparound leading to Heap-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009"}, {"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"}, {"name": "https://security.netapp.com/advisory/ntap-20200731-0008/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"name": "USN-4432-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4432-1/"}, {"name": "openSUSE-SU-2020:1169", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"name": "openSUSE-SU-2020:1168", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"name": "GLSA-202104-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202104-05"}, {"name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"}, {"name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"}, {"name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:36.360Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009"}, {"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"name": "USN-4432-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4432-1/"}, {"name": "openSUSE-SU-2020:1169", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"name": "openSUSE-SU-2020:1168", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"name": "GLSA-202104-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202104-05"}, {"name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"}, {"name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"}, {"name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14308", "datePublished": "2020-07-29T19:03:41", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2024-08-04T12:39:36.360Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", "matchCriteriaId": "01F8D62F-70BB-4718-A095-D68540C17EEA", "versionEndExcluding": "2.06", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process."}, {"lang": "es", "value": "En grub2 versiones anteriores a 2.06, el asignador de memoria grub no comprueba posibles desbordamientos aritm\u00e9ticos en el tama\u00f1o de asignaci\u00f3n solicitada. Esto conlleva a la funci\u00f3n a devolver asignaciones de memoria no v\u00e1lidas que puedan ser usadas para causar posibles impactos de integridad, confidencialidad y disponibilidad durante el proceso de arranque"}], "id": "CVE-2020-14308", "lastModified": "2024-11-21T05:02:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-29T20:15:12.397", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202104-05"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4432-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202104-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4432-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Chris Coulson (Ubuntu Security Team) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:3217", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "fwupdate-0:12-6.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3217", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "grub2-1:2.02-0.86.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3217", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "shim-0:15-7.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3217", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "shim-signed-0:15-7.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3273", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "grub2-1:2.02-0.86.el7_2", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3273", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3273", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "shim-signed-0:15-8.el7_2", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "grub2-1:2.02-0.86.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "shim-signed-0:15-8.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "grub2-1:2.02-0.86.el7", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "shim-signed-0:15-8.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "grub2-1:2.02-0.86.el7", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "shim-signed-0:15-8.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "fwupdate-0:9-10.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "grub2-1:2.02-0.86.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "shim-signed-0:15-8.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "fwupdate-0:9-10.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "grub2-1:2.02-0.86.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "shim-signed-0:15-8.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "fwupdate-0:9-10.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "grub2-1:2.02-0.86.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "shim-signed-0:15-8.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3271", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "fwupdate-0:12-6.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3271", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "grub2-1:2.02-0.86.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3271", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3271", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "shim-signed-0:15-8.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3274", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "fwupdate-0:12-6.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3274", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "grub2-1:2.02-0.86.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3274", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3274", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "shim-signed-0:15-8.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3216", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "fwupd-0:1.1.4-7.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3216", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "grub2-1:2.02-87.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3216", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "shim-0:15-14.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3216", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "shim-unsigned-x64-0:15-7.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3227", "cpe": "cpe:/o:redhat:rhel_e4s:8.0", "package": "fwupd-0:1.1.4-2.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3227", "cpe": "cpe:/o:redhat:rhel_e4s:8.0", "package": "grub2-1:2.02-87.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3227", "cpe": "cpe:/o:redhat:rhel_e4s:8.0", "package": "shim-0:15-14.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3223", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "fwupd-0:1.1.4-2.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3223", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "grub2-1:2.02-87.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3223", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "shim-0:15-14.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3223", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "shim-unsigned-x64-0:15-7.el8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-29T00:00:00Z"}], "bugzilla": {"description": "grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow", "id": "1852009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190->CWE-122", "details": ["In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.", "A flaw was found in current grub2 versions as shipped with Red Hat Enterprise Linux 7 and 8, where the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This issue leads the function to return invalid memory allocations, causing heap-based overflows in several code paths. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability."], "name": "CVE-2020-14308", "public_date": "2020-07-29T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14308\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14308"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object