CVE-2020-14308

6.4MEDIUM

Key Information:

Vendor: Gnu
Status: Grub
Vendor: CVE Published:; 29 July 2020

Summary

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.

Affected Version(s)

Grub All grub2 versions before 2.06

References

https://bugzilla.redhat.com/show_bug.cgi?id=1852009

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2020/07/29/3

mailing-listx_refsource_MLIST

https://security.netapp.com/advisory/ntap-20200731-0008/

x_refsource_CONFIRM

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 29, 2020
Vulnerability Reserved
Jun 17, 2020

.