CVE-2020-14308
Published: 29 July 2020
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.
From the Ubuntu Security Team
It was discovered that the memory allocator for GRUB2 did not validate allocation size, resulting in multiple integer overflows and heap-based buffer overflows when handling certain filesystems, PNG images or disk metadata. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions.
Notes
| Author | Note |
|---|---|
| alexmurray | grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
grub2 Launchpad, Ubuntu, Debian |
bionic |
Released
(2.02-2ubuntu8.16)
|
| focal |
Released
(2.04-1ubuntu26.1)
|
|
| groovy |
Not vulnerable
(2.04-1ubuntu26.1)
|
|
| hirsute |
Not vulnerable
(2.04-1ubuntu26.1)
|
|
| precise |
Ignored
(end of ESM support, was needed)
|
|
| trusty |
Released
(2.02~beta2-9ubuntu1.20)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2.02~beta2-36ubuntu3.26)
|
|
|
grub2-signed Launchpad, Ubuntu, Debian |
bionic |
Released
(1.93.18)
|
| eoan |
Ignored
(reached end-of-life)
|
|
| focal |
Released
(1.142.3)
|
|
| groovy |
Not vulnerable
(1.147)
|
|
| hirsute |
Not vulnerable
(1.147)
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(1.34.22)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(1.66.26)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.4 |
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | High |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308
- https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
- https://www.openwall.com/lists/oss-security/2020/07/29/3
- https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
- https://ubuntu.com/security/notices/USN-4432-1
- NVD
- Launchpad
- Debian