Your submission was sent successfully! Close

CVE-2020-14311

Published: 29 July 2020

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

From the Ubuntu security team

Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems, font files or PNG images, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions.

Priority

High

CVSS 3 base score: 5.7

Status

Package Release Status
grub2
Launchpad, Ubuntu, Debian
bionic
Released (2.02-2ubuntu8.16)
focal
Released (2.04-1ubuntu26.1)
groovy Not vulnerable
(2.04-1ubuntu26.1)
hirsute Not vulnerable
(2.04-1ubuntu26.1)
precise Ignored
(end of ESM support, was needed)
trusty
Released (2.02~beta2-9ubuntu1.20)
upstream Needs triage

xenial
Released (2.02~beta2-36ubuntu3.26)
grub2-signed
Launchpad, Ubuntu, Debian
bionic
Released (1.93.18)
eoan Ignored
(reached end-of-life)
focal
Released (1.142.3)
groovy Not vulnerable
(1.147)
hirsute Not vulnerable
(1.147)
precise Does not exist

trusty
Released (1.34.22)
upstream Needs triage

xenial
Released (1.66.26)