CVE-2020-14309 - Vulnerability Details

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnu	Grub2
Opensuse	Leap
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

Configuration 1 [-]

cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:opensuse:leap:15.2:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
fwupdate-0:12-6.el7_8	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3217	2020-07-29T00:00:00Z
grub2-1:2.02-0.86.el7_8	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3217	2020-07-29T00:00:00Z
shim-0:15-7.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3217	2020-07-29T00:00:00Z
shim-signed-0:15-7.el7_8	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3217	2020-07-29T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
grub2-1:2.02-0.86.el7_2	cpe:/o:redhat:rhel_aus:7.2	RHSA-2020:3273	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_aus:7.2	RHSA-2020:3273	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_2	cpe:/o:redhat:rhel_aus:7.2	RHSA-2020:3273	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
grub2-1:2.02-0.86.el7	cpe:/o:redhat:rhel_aus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_aus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_3	cpe:/o:redhat:rhel_aus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.3 Telco Extended Update Support
grub2-1:2.02-0.86.el7	cpe:/o:redhat:rhel_tus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_tus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_3	cpe:/o:redhat:rhel_tus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
grub2-1:2.02-0.86.el7	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_3	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
fwupdate-0:9-10.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.4 Telco Extended Update Support
fwupdate-0:9-10.el7_4	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_4	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_4	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
fwupdate-0:9-10.el7_4	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_4	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_4	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.6 Extended Update Support
fwupdate-0:12-6.el7_6	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:3271	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_6	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:3271	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:3271	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_6	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:3271	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.7 Extended Update Support
fwupdate-0:12-6.el7_7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:3274	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:3274	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:3274	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:3274	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 8
fwupd-0:1.1.4-7.el8_2	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3216	2020-07-29T00:00:00Z
grub2-1:2.02-87.el8_2	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3216	2020-07-29T00:00:00Z
shim-0:15-14.el8_2	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3216	2020-07-29T00:00:00Z
shim-unsigned-x64-0:15-7.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3216	2020-07-29T00:00:00Z
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
fwupd-0:1.1.4-2.el8_0	cpe:/o:redhat:rhel_e4s:8.0	RHSA-2020:3227	2020-07-29T00:00:00Z
grub2-1:2.02-87.el8_0	cpe:/o:redhat:rhel_e4s:8.0	RHSA-2020:3227	2020-07-29T00:00:00Z
shim-0:15-14.el8_0	cpe:/o:redhat:rhel_e4s:8.0	RHSA-2020:3227	2020-07-29T00:00:00Z
Red Hat Enterprise Linux 8.1 Extended Update Support
fwupd-0:1.1.4-2.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2020:3223	2020-07-29T00:00:00Z
grub2-1:2.02-87.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2020:3223	2020-07-29T00:00:00Z
shim-0:15-14.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2020:3223	2020-07-29T00:00:00Z
shim-unsigned-x64-0:15-7.el8	cpe:/o:redhat:rhel_eus:8.1	RHSA-2020:3223	2020-07-29T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
https://bugzilla.redhat.com/show_bug.cgi?id=1852022
https://nvd.nist.gov/vuln/detail/CVE-2020-14309
https://security.gentoo.org/glsa/202104-05
https://security.netapp.com/advisory/ntap-20200731-0008/
https://usn.ubuntu.com/4432-1/
https://www.cve.org/CVERecord?id=CVE-2020-14309

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-07-30T12:49:31

Updated: 2024-08-04T12:39:36.530Z

Reserved: 2020-06-17T00:00:00

Link: CVE-2020-14309

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-07-30T13:15:10.987

Modified: 2024-11-21T05:02:58.653

Link: CVE-2020-14309

Redhat

Severity : Moderate

Publid Date: 2020-07-29T17:00:00Z

Links: CVE-2020-14309 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Grub", "vendor": "n/a", "versions": [{"status": "affected", "version": "All grub2 versions before 2.06"}]}], "descriptions": [{"lang": "en", "value": "There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data."}], "problemTypes": [{"descriptions": [{"description": "Integer Overflow or Wraparound leading to Heap-based Buffer Overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-01T01:08:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"name": "USN-4432-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4432-1/"}, {"name": "openSUSE-SU-2020:1169", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"name": "openSUSE-SU-2020:1168", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"name": "GLSA-202104-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202104-05"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-14309", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Grub", "version": {"version_data": [{"version_value": "All grub2 versions before 2.06"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Integer Overflow or Wraparound leading to Heap-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022"}, {"name": "https://security.netapp.com/advisory/ntap-20200731-0008/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"name": "USN-4432-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4432-1/"}, {"name": "openSUSE-SU-2020:1169", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"name": "openSUSE-SU-2020:1168", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"name": "GLSA-202104-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202104-05"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:36.530Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"name": "USN-4432-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4432-1/"}, {"name": "openSUSE-SU-2020:1169", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"name": "openSUSE-SU-2020:1168", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"name": "GLSA-202104-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202104-05"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14309", "datePublished": "2020-07-30T12:49:31", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2024-08-04T12:39:36.530Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", "matchCriteriaId": "01F8D62F-70BB-4718-A095-D68540C17EEA", "versionEndExcluding": "2.06", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data."}, {"lang": "es", "value": "Se presenta un problema con grub2 en todas las versiones anteriores a 2.06, cuando se manejan sistemas de archivos squashfs que contienen un enlace simb\u00f3lico con una longitud de nombre de UINT32 bytes de tama\u00f1o. El tama\u00f1o del nombre conlleva a un desbordamiento aritm\u00e9tico conllevando a una asignaci\u00f3n de tama\u00f1o cero, causando un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria con datos controlados por el atacante"}], "id": "CVE-2020-14309", "lastModified": "2024-11-21T05:02:58.653", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-30T13:15:10.987", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202104-05"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4432-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202104-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4432-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Chris Coulson (Ubuntu Security Team) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:3217", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "fwupdate-0:12-6.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3217", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "grub2-1:2.02-0.86.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3217", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "shim-0:15-7.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3217", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "shim-signed-0:15-7.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3273", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "grub2-1:2.02-0.86.el7_2", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3273", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3273", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "shim-signed-0:15-8.el7_2", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "grub2-1:2.02-0.86.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "shim-signed-0:15-8.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "grub2-1:2.02-0.86.el7", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "shim-signed-0:15-8.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "grub2-1:2.02-0.86.el7", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "shim-signed-0:15-8.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "fwupdate-0:9-10.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "grub2-1:2.02-0.86.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "shim-signed-0:15-8.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "fwupdate-0:9-10.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "grub2-1:2.02-0.86.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "shim-signed-0:15-8.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "fwupdate-0:9-10.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "grub2-1:2.02-0.86.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "shim-signed-0:15-8.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3271", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "fwupdate-0:12-6.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3271", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "grub2-1:2.02-0.86.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3271", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3271", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "shim-signed-0:15-8.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3274", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "fwupdate-0:12-6.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3274", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "grub2-1:2.02-0.86.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3274", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3274", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "shim-signed-0:15-8.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3216", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "fwupd-0:1.1.4-7.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3216", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "grub2-1:2.02-87.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3216", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "shim-0:15-14.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3216", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "shim-unsigned-x64-0:15-7.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3227", "cpe": "cpe:/o:redhat:rhel_e4s:8.0", "package": "fwupd-0:1.1.4-2.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3227", "cpe": "cpe:/o:redhat:rhel_e4s:8.0", "package": "grub2-1:2.02-87.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3227", "cpe": "cpe:/o:redhat:rhel_e4s:8.0", "package": "shim-0:15-14.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3223", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "fwupd-0:1.1.4-2.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3223", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "grub2-1:2.02-87.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3223", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "shim-0:15-14.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3223", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "shim-unsigned-x64-0:15-7.el8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-29T00:00:00Z"}], "bugzilla": {"description": "grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow", "id": "1852022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190->CWE-122", "details": ["There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.", "A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2020-14309", "public_date": "2020-07-29T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14309\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14309"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object