vulnerability
Red Hat: CVE-2020-14308: CVE-2020-14308 grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
6 | (AV:L/AC:M/Au:M/C:C/I:C/A:C) | Jul 29, 2020 | Jul 30, 2020 | Jan 30, 2025 |
Severity
6
CVSS
(AV:L/AC:M/Au:M/C:C/I:C/A:C)
Published
Jul 29, 2020
Added
Jul 30, 2020
Modified
Jan 30, 2025
Description
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.
Solution(s)
redhat-upgrade-fwupdredhat-upgrade-fwupd-debuginforedhat-upgrade-fwupd-debugsourceredhat-upgrade-fwupdateredhat-upgrade-fwupdate-debuginforedhat-upgrade-fwupdate-develredhat-upgrade-fwupdate-efiredhat-upgrade-fwupdate-libsredhat-upgrade-grub2redhat-upgrade-grub2-commonredhat-upgrade-grub2-debuginforedhat-upgrade-grub2-debugsourceredhat-upgrade-grub2-efi-aa64-modulesredhat-upgrade-grub2-efi-ia32redhat-upgrade-grub2-efi-ia32-cdbootredhat-upgrade-grub2-efi-ia32-modulesredhat-upgrade-grub2-efi-x64redhat-upgrade-grub2-efi-x64-cdbootredhat-upgrade-grub2-efi-x64-modulesredhat-upgrade-grub2-pcredhat-upgrade-grub2-pc-modulesredhat-upgrade-grub2-ppc-modulesredhat-upgrade-grub2-ppc64-modulesredhat-upgrade-grub2-ppc64le-modulesredhat-upgrade-grub2-toolsredhat-upgrade-grub2-tools-debuginforedhat-upgrade-grub2-tools-efiredhat-upgrade-grub2-tools-efi-debuginforedhat-upgrade-grub2-tools-extraredhat-upgrade-grub2-tools-extra-debuginforedhat-upgrade-grub2-tools-minimalredhat-upgrade-grub2-tools-minimal-debuginforedhat-upgrade-mokutilredhat-upgrade-mokutil-debuginforedhat-upgrade-shim-ia32redhat-upgrade-shim-unsigned-aa64-debuginforedhat-upgrade-shim-unsigned-ia32redhat-upgrade-shim-unsigned-ia32-debuginforedhat-upgrade-shim-unsigned-x64redhat-upgrade-shim-unsigned-x64-debuginforedhat-upgrade-shim-x64

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.