Home

CVE-2020-14310

Description

There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesnt verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.

Risk Information

Base Score
6.0
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
EPSS Score
Exploitation Probability
0.06

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.5Windows
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02-2ubuntu8.16_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02-2ubuntu8.16_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.04-1ubuntu26.1_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02~beta2-36ubuntu3.26_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02~beta2-36ubuntu3.26_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02-2ubuntu8.16_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02-2ubuntu8.16_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.04-1ubuntu26.1_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02~beta2-36ubuntu3.26_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02~beta2-36ubuntu3.26_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-signed_1.142.3+2.04-1ubuntu26.1_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-signed_1.93.18+2.02-2ubuntu8.16_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-signed_1.66.26+2.02~beta2-36ubuntu3.26_amd64.debLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-devel-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-efi-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-libs-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-common-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-pc-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-pc-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-tools-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update mokutil-15-7.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-ia32-15-7.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-unsigned-ia32-15-7.el7_9.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-unsigned-x64-15-7.el7_9.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-x64-15-7.el7_8.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-debuginfo-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-debugsource-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-i386-pc-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-snapper-plugin-2.02-12.31.1.noarch.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-systemd-sleep-plugin-2.02-12.31.1.noarch.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-x86_64-efi-2.02-12.31.1.x86_64.rpmLinux
SUSE-SU-2020:2078-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-x86_64-xen-2.02-12.31.1.noarch.rpmLinux
grub2 security update(DSA-4735-1) grub2_2.02+dfsg1-20+deb10u2_i386.debLinux
grub2 security update(DSA-4735-1) grub2_2.02+dfsg1-20+deb10u2_amd64.debLinux
Grub2-efi-ia32 update (ELSA-2020-5786) grub2-efi-ia32-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-efi-ia32-cdboot update (ELSA-2020-5786) grub2-efi-ia32-cdboot-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-efi-x64 update (ELSA-2020-5786) grub2-efi-x64-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-efi-x64-cdboot update (ELSA-2020-5786) grub2-efi-x64-cdboot-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-pc update (ELSA-2020-5786) grub2-pc-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools update (ELSA-2020-5786) grub2-tools-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools-efi update (ELSA-2020-5786) grub2-tools-efi-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools-extra update (ELSA-2020-5786) grub2-tools-extra-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools-minimal update (ELSA-2020-5786) grub2-tools-minimal-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-common update (ELSA-2020-5786) grub2-common-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-efi-aa64-modules update (ELSA-2020-5786) grub2-efi-aa64-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-efi-ia32-modules update (ELSA-2020-5786) grub2-efi-ia32-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-efi-x64-modules update (ELSA-2020-5786) grub2-efi-x64-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-pc-modules update (ELSA-2020-5786) grub2-pc-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
(RHSA-2020:3217)Moderate: security and bug fix update fwupdate-debuginfo-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217)Moderate: security and bug fix update grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217)Moderate: security and bug fix update mokutil-debuginfo-15-7.el7_8.x86_64.rpmLinux
Integer Overflow or Wraparound Vulnerability (CVE-2020-14310)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234