Home

CVE-2020-14309

Description

Theres an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

Risk Information

Base Score
6.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.047

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.5Windows
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02-2ubuntu8.16_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02-2ubuntu8.16_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.04-1ubuntu26.1_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02~beta2-36ubuntu3.26_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02~beta2-36ubuntu3.26_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02-2ubuntu8.16_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02-2ubuntu8.16_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.04-1ubuntu26.1_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02~beta2-36ubuntu3.26_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02~beta2-36ubuntu3.26_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-signed_1.142.3+2.04-1ubuntu26.1_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-signed_1.93.18+2.02-2ubuntu8.16_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-signed_1.66.26+2.02~beta2-36ubuntu3.26_amd64.debLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-devel-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-efi-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-libs-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-common-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-pc-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-pc-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-tools-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update mokutil-15-7.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-ia32-15-7.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-unsigned-ia32-15-7.el7_9.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-unsigned-x64-15-7.el7_9.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-x64-15-7.el7_8.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-debuginfo-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-debugsource-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-i386-pc-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-snapper-plugin-2.02-12.31.1.noarch.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-systemd-sleep-plugin-2.02-12.31.1.noarch.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-x86_64-efi-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-x86_64-xen-2.02-12.31.1.noarch.rpmLinux
grub2 security update(DSA-4735-1) grub2_2.02+dfsg1-20+deb10u2_i386.debLinux
grub2 security update(DSA-4735-1) grub2_2.02+dfsg1-20+deb10u2_amd64.debLinux
Grub2-efi-ia32 update (ELSA-2020-5786) grub2-efi-ia32-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-efi-ia32-cdboot update (ELSA-2020-5786) grub2-efi-ia32-cdboot-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-efi-x64 update (ELSA-2020-5786) grub2-efi-x64-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-efi-x64-cdboot update (ELSA-2020-5786) grub2-efi-x64-cdboot-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-pc update (ELSA-2020-5786) grub2-pc-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools update (ELSA-2020-5786) grub2-tools-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools-efi update (ELSA-2020-5786) grub2-tools-efi-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools-extra update (ELSA-2020-5786) grub2-tools-extra-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools-minimal update (ELSA-2020-5786) grub2-tools-minimal-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-common update (ELSA-2020-5786) grub2-common-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-efi-aa64-modules update (ELSA-2020-5786) grub2-efi-aa64-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-efi-ia32-modules update (ELSA-2020-5786) grub2-efi-ia32-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-efi-x64-modules update (ELSA-2020-5786) grub2-efi-x64-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-pc-modules update (ELSA-2020-5786) grub2-pc-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
(RHSA-2020:3217)Moderate: security and bug fix update fwupdate-debuginfo-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217)Moderate: security and bug fix update grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217)Moderate: security and bug fix update mokutil-debuginfo-15-7.el7_8.x86_64.rpmLinux
Out-of-bounds Write Vulnerability (CVE-2020-14309)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234