ID CVE-2020-14310
Summary There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:grub2:2.04:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:grub2:2.04:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
CVSS
Base: 3.6 (as of 19-10-2021 - 13:19)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:P
redhat via4
rpms
  • fwupd-0:1.1.4-7.el8_2
  • fwupd-debuginfo-0:1.1.4-7.el8_2
  • fwupd-debugsource-0:1.1.4-7.el8_2
  • grub2-common-1:2.02-87.el8_2
  • grub2-debuginfo-1:2.02-87.el8_2
  • grub2-debugsource-1:2.02-87.el8_2
  • grub2-efi-aa64-1:2.02-87.el8_2
  • grub2-efi-aa64-cdboot-1:2.02-87.el8_2
  • grub2-efi-aa64-modules-1:2.02-87.el8_2
  • grub2-efi-ia32-1:2.02-87.el8_2
  • grub2-efi-ia32-cdboot-1:2.02-87.el8_2
  • grub2-efi-ia32-modules-1:2.02-87.el8_2
  • grub2-efi-x64-1:2.02-87.el8_2
  • grub2-efi-x64-cdboot-1:2.02-87.el8_2
  • grub2-efi-x64-modules-1:2.02-87.el8_2
  • grub2-pc-1:2.02-87.el8_2
  • grub2-pc-modules-1:2.02-87.el8_2
  • grub2-ppc64le-1:2.02-87.el8_2
  • grub2-ppc64le-modules-1:2.02-87.el8_2
  • grub2-tools-1:2.02-87.el8_2
  • grub2-tools-debuginfo-1:2.02-87.el8_2
  • grub2-tools-efi-1:2.02-87.el8_2
  • grub2-tools-efi-debuginfo-1:2.02-87.el8_2
  • grub2-tools-extra-1:2.02-87.el8_2
  • grub2-tools-extra-debuginfo-1:2.02-87.el8_2
  • grub2-tools-minimal-1:2.02-87.el8_2
  • grub2-tools-minimal-debuginfo-1:2.02-87.el8_2
  • shim-aa64-0:15-14.el8_2
  • shim-ia32-0:15-14.el8_2
  • shim-unsigned-x64-0:15-7.el8
  • shim-x64-0:15-14.el8_2
  • fwupdate-0:12-6.el7_8
  • fwupdate-debuginfo-0:12-6.el7_8
  • fwupdate-devel-0:12-6.el7_8
  • fwupdate-efi-0:12-6.el7_8
  • fwupdate-libs-0:12-6.el7_8
  • grub2-1:2.02-0.86.el7_8
  • grub2-common-1:2.02-0.86.el7_8
  • grub2-debuginfo-1:2.02-0.86.el7_8
  • grub2-efi-aa64-modules-1:2.02-0.86.el7_8
  • grub2-efi-ia32-1:2.02-0.86.el7_8
  • grub2-efi-ia32-cdboot-1:2.02-0.86.el7_8
  • grub2-efi-ia32-modules-1:2.02-0.86.el7_8
  • grub2-efi-x64-1:2.02-0.86.el7_8
  • grub2-efi-x64-cdboot-1:2.02-0.86.el7_8
  • grub2-efi-x64-modules-1:2.02-0.86.el7_8
  • grub2-pc-1:2.02-0.86.el7_8
  • grub2-pc-modules-1:2.02-0.86.el7_8
  • grub2-ppc-modules-1:2.02-0.86.el7_8
  • grub2-ppc64-1:2.02-0.86.el7_8
  • grub2-ppc64-modules-1:2.02-0.86.el7_8
  • grub2-ppc64le-1:2.02-0.86.el7_8
  • grub2-ppc64le-modules-1:2.02-0.86.el7_8
  • grub2-tools-1:2.02-0.86.el7_8
  • grub2-tools-extra-1:2.02-0.86.el7_8
  • grub2-tools-minimal-1:2.02-0.86.el7_8
  • mokutil-0:15-7.el7_8
  • mokutil-debuginfo-0:15-7.el7_8
  • shim-ia32-0:15-7.el7_8
  • shim-unsigned-aa64-debuginfo-0:15-7.el7_9
  • shim-unsigned-ia32-0:15-7.el7_9
  • shim-unsigned-ia32-debuginfo-0:15-7.el7_9
  • shim-unsigned-x64-0:15-7.el7_9
  • shim-unsigned-x64-debuginfo-0:15-7.el7_9
  • shim-x64-0:15-7.el7_8
  • fwupd-0:1.1.4-2.el8_1
  • fwupd-debuginfo-0:1.1.4-2.el8_1
  • fwupd-debugsource-0:1.1.4-2.el8_1
  • grub2-common-1:2.02-87.el8_1
  • grub2-debuginfo-1:2.02-87.el8_1
  • grub2-debugsource-1:2.02-87.el8_1
  • grub2-efi-aa64-1:2.02-87.el8_1
  • grub2-efi-aa64-cdboot-1:2.02-87.el8_1
  • grub2-efi-aa64-modules-1:2.02-87.el8_1
  • grub2-efi-ia32-1:2.02-87.el8_1
  • grub2-efi-ia32-cdboot-1:2.02-87.el8_1
  • grub2-efi-ia32-modules-1:2.02-87.el8_1
  • grub2-efi-x64-1:2.02-87.el8_1
  • grub2-efi-x64-cdboot-1:2.02-87.el8_1
  • grub2-efi-x64-modules-1:2.02-87.el8_1
  • grub2-pc-1:2.02-87.el8_1
  • grub2-pc-modules-1:2.02-87.el8_1
  • grub2-ppc64le-1:2.02-87.el8_1
  • grub2-ppc64le-modules-1:2.02-87.el8_1
  • grub2-tools-1:2.02-87.el8_1
  • grub2-tools-debuginfo-1:2.02-87.el8_1
  • grub2-tools-efi-1:2.02-87.el8_1
  • grub2-tools-efi-debuginfo-1:2.02-87.el8_1
  • grub2-tools-extra-1:2.02-87.el8_1
  • grub2-tools-extra-debuginfo-1:2.02-87.el8_1
  • grub2-tools-minimal-1:2.02-87.el8_1
  • grub2-tools-minimal-debuginfo-1:2.02-87.el8_1
  • shim-aa64-0:15-14.el8_1
  • shim-ia32-0:15-14.el8_1
  • shim-unsigned-x64-0:15-7.el8
  • shim-x64-0:15-14.el8_1
  • fwupd-0:1.1.4-2.el8_0
  • fwupd-debuginfo-0:1.1.4-2.el8_0
  • fwupd-debugsource-0:1.1.4-2.el8_0
  • grub2-common-1:2.02-87.el8_0
  • grub2-debuginfo-1:2.02-87.el8_0
  • grub2-debugsource-1:2.02-87.el8_0
  • grub2-efi-aa64-modules-1:2.02-87.el8_0
  • grub2-efi-ia32-1:2.02-87.el8_0
  • grub2-efi-ia32-cdboot-1:2.02-87.el8_0
  • grub2-efi-ia32-modules-1:2.02-87.el8_0
  • grub2-efi-x64-1:2.02-87.el8_0
  • grub2-efi-x64-cdboot-1:2.02-87.el8_0
  • grub2-efi-x64-modules-1:2.02-87.el8_0
  • grub2-pc-1:2.02-87.el8_0
  • grub2-pc-modules-1:2.02-87.el8_0
  • grub2-ppc64le-1:2.02-87.el8_0
  • grub2-ppc64le-modules-1:2.02-87.el8_0
  • grub2-tools-1:2.02-87.el8_0
  • grub2-tools-debuginfo-1:2.02-87.el8_0
  • grub2-tools-efi-1:2.02-87.el8_0
  • grub2-tools-efi-debuginfo-1:2.02-87.el8_0
  • grub2-tools-extra-1:2.02-87.el8_0
  • grub2-tools-extra-debuginfo-1:2.02-87.el8_0
  • grub2-tools-minimal-1:2.02-87.el8_0
  • grub2-tools-minimal-debuginfo-1:2.02-87.el8_0
  • shim-ia32-0:15-14.el8_0
  • shim-x64-0:15-14.el8_0
  • fwupdate-0:12-6.el7_6
  • fwupdate-debuginfo-0:12-6.el7_6
  • fwupdate-devel-0:12-6.el7_6
  • fwupdate-efi-0:12-6.el7_6
  • fwupdate-libs-0:12-6.el7_6
  • grub2-1:2.02-0.86.el7_6
  • grub2-common-1:2.02-0.86.el7_6
  • grub2-debuginfo-1:2.02-0.86.el7_6
  • grub2-efi-aa64-1:2.02-0.86.el7_6
  • grub2-efi-aa64-cdboot-1:2.02-0.86.el7_6
  • grub2-efi-aa64-modules-1:2.02-0.86.el7_6
  • grub2-efi-ia32-1:2.02-0.86.el7_6
  • grub2-efi-ia32-cdboot-1:2.02-0.86.el7_6
  • grub2-efi-ia32-modules-1:2.02-0.86.el7_6
  • grub2-efi-x64-1:2.02-0.86.el7_6
  • grub2-efi-x64-cdboot-1:2.02-0.86.el7_6
  • grub2-efi-x64-modules-1:2.02-0.86.el7_6
  • grub2-pc-1:2.02-0.86.el7_6
  • grub2-pc-modules-1:2.02-0.86.el7_6
  • grub2-ppc-modules-1:2.02-0.86.el7_6
  • grub2-ppc64-1:2.02-0.86.el7_6
  • grub2-ppc64-modules-1:2.02-0.86.el7_6
  • grub2-ppc64le-1:2.02-0.86.el7_6
  • grub2-ppc64le-modules-1:2.02-0.86.el7_6
  • grub2-tools-1:2.02-0.86.el7_6
  • grub2-tools-extra-1:2.02-0.86.el7_6
  • grub2-tools-minimal-1:2.02-0.86.el7_6
  • mokutil-0:15-8.el7_6
  • mokutil-debuginfo-0:15-8.el7_6
  • shim-aa64-0:15-8.el7_6
  • shim-ia32-0:15-8.el7_6
  • shim-unsigned-aa64-0:15-8.el7
  • shim-unsigned-aa64-debuginfo-0:15-8.el7
  • shim-unsigned-ia32-0:15-8.el7
  • shim-unsigned-ia32-debuginfo-0:15-8.el7
  • shim-unsigned-x64-0:15-8.el7
  • shim-unsigned-x64-debuginfo-0:15-8.el7
  • shim-x64-0:15-8.el7_6
  • grub2-1:2.02-0.86.el7_2
  • grub2-common-1:2.02-0.86.el7_2
  • grub2-debuginfo-1:2.02-0.86.el7_2
  • grub2-efi-aa64-modules-1:2.02-0.86.el7_2
  • grub2-efi-ia32-1:2.02-0.86.el7_2
  • grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2
  • grub2-efi-ia32-modules-1:2.02-0.86.el7_2
  • grub2-efi-x64-1:2.02-0.86.el7_2
  • grub2-efi-x64-cdboot-1:2.02-0.86.el7_2
  • grub2-efi-x64-modules-1:2.02-0.86.el7_2
  • grub2-pc-1:2.02-0.86.el7_2
  • grub2-pc-modules-1:2.02-0.86.el7_2
  • grub2-ppc-modules-1:2.02-0.86.el7_2
  • grub2-ppc64-modules-1:2.02-0.86.el7_2
  • grub2-ppc64le-modules-1:2.02-0.86.el7_2
  • grub2-tools-1:2.02-0.86.el7_2
  • grub2-tools-extra-1:2.02-0.86.el7_2
  • grub2-tools-minimal-1:2.02-0.86.el7_2
  • mokutil-0:15-8.el7_2
  • mokutil-debuginfo-0:15-8.el7_2
  • shim-0:15-8.el7_2
  • shim-unsigned-aa64-debuginfo-0:15-8.el7
  • shim-unsigned-ia32-0:15-8.el7
  • shim-unsigned-x64-0:15-8.el7
  • shim-unsigned-x64-debuginfo-0:15-8.el7
  • fwupdate-0:12-6.el7_7
  • fwupdate-debuginfo-0:12-6.el7_7
  • fwupdate-devel-0:12-6.el7_7
  • fwupdate-efi-0:12-6.el7_7
  • fwupdate-libs-0:12-6.el7_7
  • grub2-1:2.02-0.86.el7_7
  • grub2-common-1:2.02-0.86.el7_7
  • grub2-debuginfo-1:2.02-0.86.el7_7
  • grub2-efi-aa64-modules-1:2.02-0.86.el7_7
  • grub2-efi-ia32-1:2.02-0.86.el7_7
  • grub2-efi-ia32-cdboot-1:2.02-0.86.el7_7
  • grub2-efi-ia32-modules-1:2.02-0.86.el7_7
  • grub2-efi-x64-1:2.02-0.86.el7_7
  • grub2-efi-x64-cdboot-1:2.02-0.86.el7_7
  • grub2-efi-x64-modules-1:2.02-0.86.el7_7
  • grub2-pc-1:2.02-0.86.el7_7
  • grub2-pc-modules-1:2.02-0.86.el7_7
  • grub2-ppc-modules-1:2.02-0.86.el7_7
  • grub2-ppc64-1:2.02-0.86.el7_7
  • grub2-ppc64-modules-1:2.02-0.86.el7_7
  • grub2-ppc64le-1:2.02-0.86.el7_7
  • grub2-ppc64le-modules-1:2.02-0.86.el7_7
  • grub2-tools-1:2.02-0.86.el7_7
  • grub2-tools-extra-1:2.02-0.86.el7_7
  • grub2-tools-minimal-1:2.02-0.86.el7_7
  • mokutil-0:15-8.el7_7
  • mokutil-debuginfo-0:15-8.el7_7
  • shim-ia32-0:15-8.el7_7
  • shim-unsigned-aa64-debuginfo-0:15-8.el7
  • shim-unsigned-ia32-0:15-8.el7
  • shim-unsigned-ia32-debuginfo-0:15-8.el7
  • shim-unsigned-x64-0:15-8.el7
  • shim-unsigned-x64-debuginfo-0:15-8.el7
  • shim-x64-0:15-8.el7_7
  • fwupdate-0:9-10.el7_4
  • fwupdate-debuginfo-0:9-10.el7_4
  • fwupdate-devel-0:9-10.el7_4
  • fwupdate-efi-0:9-10.el7_4
  • fwupdate-libs-0:9-10.el7_4
  • grub2-1:2.02-0.86.el7_4
  • grub2-common-1:2.02-0.86.el7_4
  • grub2-debuginfo-1:2.02-0.86.el7_4
  • grub2-efi-aa64-modules-1:2.02-0.86.el7_4
  • grub2-efi-ia32-1:2.02-0.86.el7_4
  • grub2-efi-ia32-cdboot-1:2.02-0.86.el7_4
  • grub2-efi-ia32-modules-1:2.02-0.86.el7_4
  • grub2-efi-x64-1:2.02-0.86.el7_4
  • grub2-efi-x64-cdboot-1:2.02-0.86.el7_4
  • grub2-efi-x64-modules-1:2.02-0.86.el7_4
  • grub2-pc-1:2.02-0.86.el7_4
  • grub2-pc-modules-1:2.02-0.86.el7_4
  • grub2-ppc-modules-1:2.02-0.86.el7_4
  • grub2-ppc64-modules-1:2.02-0.86.el7_4
  • grub2-ppc64le-1:2.02-0.86.el7_4
  • grub2-ppc64le-modules-1:2.02-0.86.el7_4
  • grub2-tools-1:2.02-0.86.el7_4
  • grub2-tools-extra-1:2.02-0.86.el7_4
  • grub2-tools-minimal-1:2.02-0.86.el7_4
  • mokutil-0:15-8.el7_4
  • mokutil-debuginfo-0:15-8.el7_4
  • shim-ia32-0:15-8.el7_4
  • shim-unsigned-ia32-0:15-8.el7
  • shim-unsigned-ia32-debuginfo-0:15-8.el7
  • shim-unsigned-x64-0:15-8.el7
  • shim-unsigned-x64-debuginfo-0:15-8.el7
  • shim-x64-0:15-8.el7_4
  • grub2-1:2.02-0.86.el7
  • grub2-common-1:2.02-0.86.el7
  • grub2-debuginfo-1:2.02-0.86.el7
  • grub2-efi-aa64-modules-1:2.02-0.86.el7
  • grub2-efi-ia32-1:2.02-0.86.el7
  • grub2-efi-ia32-cdboot-1:2.02-0.86.el7
  • grub2-efi-ia32-modules-1:2.02-0.86.el7
  • grub2-efi-x64-1:2.02-0.86.el7
  • grub2-efi-x64-cdboot-1:2.02-0.86.el7
  • grub2-efi-x64-modules-1:2.02-0.86.el7
  • grub2-pc-1:2.02-0.86.el7
  • grub2-pc-modules-1:2.02-0.86.el7
  • grub2-ppc-modules-1:2.02-0.86.el7
  • grub2-ppc64-modules-1:2.02-0.86.el7
  • grub2-ppc64le-1:2.02-0.86.el7
  • grub2-ppc64le-modules-1:2.02-0.86.el7
  • grub2-tools-1:2.02-0.86.el7
  • grub2-tools-extra-1:2.02-0.86.el7
  • grub2-tools-minimal-1:2.02-0.86.el7
  • mokutil-0:15-8.el7_3
  • mokutil-debuginfo-0:15-8.el7_3
  • shim-0:15-8.el7_3
  • shim-unsigned-ia32-0:15-8.el7
  • shim-unsigned-x64-0:15-8.el7
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14310
suse
  • openSUSE-SU-2020:1168
  • openSUSE-SU-2020:1169
ubuntu USN-4432-1
Last major update 19-10-2021 - 13:19
Published 31-07-2020 - 22:15
Last modified 19-10-2021 - 13:19
Back to Top