Arithmetic Overflow Vulnerability in GRUB2 Allocator Affecting Multiple Linux Distributions
CVE-2020-14308

6.4MEDIUM

Key Information:

Vendor
Gnu
Status
Grub
Vendor
CVE Published:
29 July 2020

Summary

A vulnerability exists in the memory allocator of GRUB2 versions earlier than 2.06, which does not properly validate the requested allocation size, potentially leading to invalid memory allocations. This flaw may compromise the integrity, confidentiality, and availability of the system during the critical boot process, allowing attackers to exploit memory allocation failures.

Affected Version(s)

Grub All grub2 versions before 2.06

References

https://bugzilla.redhat.com/show_bug.cgi?id=1852009
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2020/07/29/3
mailing-listx_refsource_MLIST
https://security.netapp.com/advisory/ntap-20200731-0008/
x_refsource_CONFIRM

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.