Arithmetic Overflow Vulnerability in GRUB2 Allocator Affecting Multiple Linux Distributions
CVE-2020-14308

6.4MEDIUM

Key Information:

Vendor

Gnu
Status
Grub
Vendor
CVE Published:
29 July 2020

What is CVE-2020-14308?

A vulnerability exists in the memory allocator of GRUB2 versions earlier than 2.06, which does not properly validate the requested allocation size, potentially leading to invalid memory allocations. This flaw may compromise the integrity, confidentiality, and availability of the system during the critical boot process, allowing attackers to exploit memory allocation failures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Grub All grub2 versions before 2.06

References

https://bugzilla.redhat.com/show_bug.cgi?id=1852009
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2020/07/29/3
mailing-listx_refsource_MLIST
https://security.netapp.com/advisory/ntap-20200731-0008/
x_refsource_CONFIRM

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.