CVE-2020-14311

Published: 29 July 2020

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

From the Ubuntu Security Team

Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems, font files or PNG images, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions.

Notes

Author	Note
alexmurray	grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low

Priority

Cvss 3 Severity Score

5.7

Score breakdown

Status

Package	Release	Status
grub2 Launchpad, Ubuntu, Debian	bionic	Released (2.02-2ubuntu8.16)
	focal	Released (2.04-1ubuntu26.1)
	groovy	Not vulnerable (2.04-1ubuntu26.1)
	hirsute	Not vulnerable (2.04-1ubuntu26.1)
	precise	Ignored (end of ESM support, was needed)
	trusty	Released (2.02~beta2-9ubuntu1.20)
	upstream	Needs triage
	xenial	Released (2.02~beta2-36ubuntu3.26)
grub2-signed Launchpad, Ubuntu, Debian	bionic	Released (1.93.18)
	eoan	Ignored (reached end-of-life)
	focal	Released (1.142.3)
	groovy	Not vulnerable (1.147)
	hirsute	Not vulnerable (1.147)
	precise	Does not exist
	trusty	Released (1.34.22)
	upstream	Needs triage
	xenial	Released (1.66.26)

Severity score breakdown

Parameter	Value
Base score	5.7
Attack vector	Local
Attack complexity	High
Privileges required	High
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›