CVE-2020-10713: Buffer Overflow
First published: Fri Apr 17 2020(Updated: )
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/fwupdate | <0:12-6.el7_8 | 0:12-6.el7_8 |
| redhat/grub2 | <1:2.02-0.86.el7_8 | 1:2.02-0.86.el7_8 |
| redhat/shim | <0:15-7.el7_9 | 0:15-7.el7_9 |
| redhat/shim-signed | <0:15-7.el7_8 | 0:15-7.el7_8 |
| redhat/grub2 | <1:2.02-0.86.el7_2 | 1:2.02-0.86.el7_2 |
| redhat/shim | <0:15-8.el7 | 0:15-8.el7 |
| redhat/shim-signed | <0:15-8.el7_2 | 0:15-8.el7_2 |
| redhat/grub2 | <1:2.02-0.86.el7 | 1:2.02-0.86.el7 |
| redhat/shim-signed | <0:15-8.el7_3 | 0:15-8.el7_3 |
| redhat/fwupdate | <0:9-10.el7_4 | 0:9-10.el7_4 |
| redhat/grub2 | <1:2.02-0.86.el7_4 | 1:2.02-0.86.el7_4 |
| redhat/shim-signed | <0:15-8.el7_4 | 0:15-8.el7_4 |
| redhat/fwupdate | <0:12-6.el7_6 | 0:12-6.el7_6 |
| redhat/grub2 | <1:2.02-0.86.el7_6 | 1:2.02-0.86.el7_6 |
| redhat/shim-signed | <0:15-8.el7_6 | 0:15-8.el7_6 |
| redhat/fwupdate | <0:12-6.el7_7 | 0:12-6.el7_7 |
| redhat/grub2 | <1:2.02-0.86.el7_7 | 1:2.02-0.86.el7_7 |
| redhat/shim-signed | <0:15-8.el7_7 | 0:15-8.el7_7 |
| redhat/fwupd | <0:1.1.4-7.el8_2 | 0:1.1.4-7.el8_2 |
| redhat/grub2 | <1:2.02-87.el8_2 | 1:2.02-87.el8_2 |
| redhat/shim | <0:15-14.el8_2 | 0:15-14.el8_2 |
| redhat/shim-unsigned-x64 | <0:15-7.el8 | 0:15-7.el8 |
| redhat/fwupd | <0:1.1.4-2.el8_0 | 0:1.1.4-2.el8_0 |
| redhat/grub2 | <1:2.02-87.el8_0 | 1:2.02-87.el8_0 |
| redhat/shim | <0:15-14.el8_0 | 0:15-14.el8_0 |
| redhat/fwupd | <0:1.1.4-2.el8_1 | 0:1.1.4-2.el8_1 |
| redhat/grub2 | <1:2.02-87.el8_1 | 1:2.02-87.el8_1 |
| redhat/shim | <0:15-14.el8_1 | 0:15-14.el8_1 |
| redhat/redhat-virtualization-host | <0:4.3.11-20200922.0.el7_9 | 0:4.3.11-20200922.0.el7_9 |
| redhat/redhat-virtualization-host | <0:4.4.2-20200930.0.el8_2 | 0:4.4.2-20200930.0.el8_2 |
| redhat/grub | <2.06 | 2.06 |
| Gnu Grub2 | <2.06 | |
| Debian Debian Linux | =10.0 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 | |
| VMware Photon OS | <2.0 | |
| debian/grub2 | 2.06-3~deb11u6 2.06-13+deb12u1 2.12-5 |
Remedy
There is no mitigation for the flaw.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-10713 https://nvd.nist.gov/vuln/detail/CVE-2020-10713 https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ https://www.openwall.com/lists/oss-security/2020/07/29/3
- https://bugzilla.redhat.com/show_bug.cgi?id=1825243
- https://access.redhat.com/errata/RHSA-2020:3217
- https://access.redhat.com/errata/RHSA-2020:3273
- https://access.redhat.com/errata/RHSA-2020:3276
- https://access.redhat.com/errata/RHSA-2020:3275
- https://access.redhat.com/errata/RHSA-2020:3271
- https://access.redhat.com/errata/RHSA-2020:3274
- https://access.redhat.com/errata/RHSA-2020:3216
- https://access.redhat.com/errata/RHSA-2020:3227
- https://access.redhat.com/errata/RHSA-2020:3223
- https://access.redhat.com/errata/RHSA-2020:4115
- https://access.redhat.com/errata/RHSA-2020:4172
- https://access.redhat.com/security/cve/cve-2020-10713
- https://www.kb.cert.org/vuls/id/174059
- https://security.netapp.com/advisory/ntap-20200731-0008/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY
- https://usn.ubuntu.com/4432-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
- https://www.debian.org/security/2020/dsa-4735
- https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
- http://www.openwall.com/lists/oss-security/2020/07/29/3
- https://kb.vmware.com/s/article/80181
- https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713
- https://security.gentoo.org/glsa/202104-05
- https://launchpad.net/bugs/cve/CVE-2020-10713
- https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
- https://www.openwall.com/lists/oss-security/2020/07/29/3
- https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
- https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e
- https://security-tracker.debian.org/tracker/CVE-2020-10713
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713
- https://nvd.nist.gov/vuln/detail/CVE-2020-10713
- https://ubuntu.com/security/CVE-2020-10713
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2020-10713?
CVE-2020-10713 is a vulnerability in grub2 that allows an attacker to hijack and tamper with the GRUB verification process.
How severe is CVE-2020-10713?
CVE-2020-10713 has a severity score of 8.2, which is considered high.
How can an attacker exploit CVE-2020-10713?
An attacker can exploit CVE-2020-10713 by establishing access to the system and loading an untrusted or modified kernel.
What is the remedy for CVE-2020-10713?
To fix CVE-2020-10713, you should update grub2 to version 2.06 or later.
Where can I find more information about CVE-2020-10713?
You can find more information about CVE-2020-10713 on the CVE website (https://www.cve.org/CVERecord?id=CVE-2020-10713) and the NIST NVD website (https://nvd.nist.gov/vuln/detail/CVE-2020-10713).
- collector/redhat-cve
- agent/type
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-10713
- agent/software-canonical-lookup
- agent/event
- agent/references
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/redhat
- vendor/gnu
- canonical/gnu grub2
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2
- vendor/vmware
- canonical/vmware photon os
- package-manager/debian