First published: Mon Jun 29 2020(Updated: )
A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability is to data integrity and system availability.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/fwupdate | <0:12-6.el7_8 | 0:12-6.el7_8 |
redhat/grub2 | <1:2.02-0.86.el7_8 | 1:2.02-0.86.el7_8 |
redhat/shim | <0:15-7.el7_9 | 0:15-7.el7_9 |
redhat/shim-signed | <0:15-7.el7_8 | 0:15-7.el7_8 |
redhat/grub2 | <1:2.02-0.86.el7_2 | 1:2.02-0.86.el7_2 |
redhat/shim | <0:15-8.el7 | 0:15-8.el7 |
redhat/shim-signed | <0:15-8.el7_2 | 0:15-8.el7_2 |
redhat/grub2 | <1:2.02-0.86.el7 | 1:2.02-0.86.el7 |
redhat/shim-signed | <0:15-8.el7_3 | 0:15-8.el7_3 |
redhat/fwupdate | <0:9-10.el7_4 | 0:9-10.el7_4 |
redhat/grub2 | <1:2.02-0.86.el7_4 | 1:2.02-0.86.el7_4 |
redhat/shim-signed | <0:15-8.el7_4 | 0:15-8.el7_4 |
redhat/fwupdate | <0:12-6.el7_6 | 0:12-6.el7_6 |
redhat/grub2 | <1:2.02-0.86.el7_6 | 1:2.02-0.86.el7_6 |
redhat/shim-signed | <0:15-8.el7_6 | 0:15-8.el7_6 |
redhat/fwupdate | <0:12-6.el7_7 | 0:12-6.el7_7 |
redhat/grub2 | <1:2.02-0.86.el7_7 | 1:2.02-0.86.el7_7 |
redhat/shim-signed | <0:15-8.el7_7 | 0:15-8.el7_7 |
redhat/fwupd | <0:1.1.4-7.el8_2 | 0:1.1.4-7.el8_2 |
redhat/grub2 | <1:2.02-87.el8_2 | 1:2.02-87.el8_2 |
redhat/shim | <0:15-14.el8_2 | 0:15-14.el8_2 |
redhat/shim-unsigned-x64 | <0:15-7.el8 | 0:15-7.el8 |
redhat/fwupd | <0:1.1.4-2.el8_0 | 0:1.1.4-2.el8_0 |
redhat/grub2 | <1:2.02-87.el8_0 | 1:2.02-87.el8_0 |
redhat/shim | <0:15-14.el8_0 | 0:15-14.el8_0 |
redhat/fwupd | <0:1.1.4-2.el8_1 | 0:1.1.4-2.el8_1 |
redhat/grub2 | <1:2.02-87.el8_1 | 1:2.02-87.el8_1 |
redhat/shim | <0:15-14.el8_1 | 0:15-14.el8_1 |
Gnu Grub2 | <2.06 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Eus | =8.1 | |
Redhat Enterprise Linux Eus | =8.2 | |
Redhat Enterprise Linux Server Aus | =8.2 | |
Redhat Enterprise Linux Server Tus | =8.2 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
redhat/grub | <2.06 | 2.06 |
debian/grub2 | 2.06-3~deb11u6 2.06-13+deb12u1 2.12-5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2020-14310 is a vulnerability in grub2 that allows an attacker to craft a malicious font name, leading to buffer overflow.
CVE-2020-14310 has a severity rating of 5.7 (medium).
CVE-2020-14310 impacts affected software by allowing an attacker to exploit a buffer overflow vulnerability in grub2.
To fix CVE-2020-14310, you should upgrade to version 2.06 of grub2 or apply the appropriate security updates provided by your software vendor.
You can find more information about CVE-2020-14310 on the Red Hat website, including the official advisory and CVE page.