Home

CVE-2020-14308

Description

In grub2 versions before 2.06 the grub memory allocator doesnt check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.

Risk Information

Base Score
6.4
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.034

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.5Windows
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02-2ubuntu8.16_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02-2ubuntu8.16_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.04-1ubuntu26.1_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02~beta2-36ubuntu3.26_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02~beta2-36ubuntu3.26_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02-2ubuntu8.16_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02-2ubuntu8.16_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.04-1ubuntu26.1_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02~beta2-36ubuntu3.26_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02~beta2-36ubuntu3.26_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-signed_1.142.3+2.04-1ubuntu26.1_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-signed_1.93.18+2.02-2ubuntu8.16_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-signed_1.66.26+2.02~beta2-36ubuntu3.26_amd64.debLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-devel-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-efi-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-libs-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-common-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-pc-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-pc-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-tools-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update mokutil-15-7.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-ia32-15-7.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-unsigned-ia32-15-7.el7_9.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-unsigned-x64-15-7.el7_9.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-x64-15-7.el7_8.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-debuginfo-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-debugsource-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-i386-pc-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-snapper-plugin-2.02-12.31.1.noarch.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-systemd-sleep-plugin-2.02-12.31.1.noarch.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-x86_64-efi-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-x86_64-xen-2.02-12.31.1.noarch.rpmLinux
grub2 security update(DSA-4735-1) grub2_2.02+dfsg1-20+deb10u2_i386.debLinux
grub2 security update(DSA-4735-1) grub2_2.02+dfsg1-20+deb10u2_amd64.debLinux
Grub2-efi-ia32 update (ELSA-2020-5786) grub2-efi-ia32-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-efi-ia32-cdboot update (ELSA-2020-5786) grub2-efi-ia32-cdboot-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-efi-x64 update (ELSA-2020-5786) grub2-efi-x64-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-efi-x64-cdboot update (ELSA-2020-5786) grub2-efi-x64-cdboot-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-pc update (ELSA-2020-5786) grub2-pc-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools update (ELSA-2020-5786) grub2-tools-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools-efi update (ELSA-2020-5786) grub2-tools-efi-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools-extra update (ELSA-2020-5786) grub2-tools-extra-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools-minimal update (ELSA-2020-5786) grub2-tools-minimal-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-common update (ELSA-2020-5786) grub2-common-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-efi-aa64-modules update (ELSA-2020-5786) grub2-efi-aa64-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-efi-ia32-modules update (ELSA-2020-5786) grub2-efi-ia32-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-efi-x64-modules update (ELSA-2020-5786) grub2-efi-x64-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-pc-modules update (ELSA-2020-5786) grub2-pc-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
(RHSA-2020:3217)Moderate: security and bug fix update fwupdate-debuginfo-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217)Moderate: security and bug fix update grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217)Moderate: security and bug fix update mokutil-debuginfo-15-7.el7_8.x86_64.rpmLinux
Integer Overflow or Wraparound Vulnerability (CVE-2020-14308)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234