First published: Fri Oct 09 2020(Updated: )
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/grub | <2.06 | 2.06 |
CentOS Grub2-pc-modules | <2.06 | |
Red Hat Enterprise Linux | =7.0 | |
Red Hat Enterprise Linux | =8.0 | |
Red Hat Enterprise Linux Server | =7.2 | |
Red Hat Enterprise Linux Server | =7.3 | |
Red Hat Enterprise Linux Server | =7.4 | |
Red Hat Enterprise Linux Server | =7.6 | |
Red Hat Enterprise Linux Server | =7.7 | |
Red Hat Enterprise Linux Server | =8.2 | |
Red Hat Enterprise Linux Server | =7.6 | |
Red Hat Enterprise Linux Server | =7.7 | |
Red Hat Enterprise Linux Server | =8.1 | |
Red Hat Enterprise Linux Server | =7.4 | |
Red Hat Enterprise Linux Server | =7.6 | |
Red Hat Enterprise Linux Server | =7.7 | |
Red Hat Enterprise Linux Server | =8.2 | |
Red Hat Enterprise Linux Workstation | =7.0 | |
Red Hat Fedora | =33 | |
Red Hat Fedora | =34 | |
NetApp ONTAP Select Deploy |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-25647 is a vulnerability found in grub2 versions prior to 2.06 that allows an attacker to trigger memory corruption leading to arbitrary code execution.
CVE-2020-25647 has a severity score of 7.6 (High).
Grub2 versions prior to 2.06, Redhat Enterprise Linux versions 7.0 to 8.0, and Fedora versions 33 and 34 are affected by CVE-2020-25647.
To fix CVE-2020-25647, update your system to grub2 version 2.06 or higher.
You can find more information about CVE-2020-25647 in the references provided: [Reference 1](https://bugzilla.redhat.com/show_bug.cgi?id=1886936), [Reference 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/), [Reference 3](https://security.gentoo.org/glsa/202104-05).