CVE-2020-25647
First published: Fri Oct 09 2020(Updated: )
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/grub | <2.06 | 2.06 |
| Gnu Grub2 | <2.06 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux Server Aus | =7.2 | |
| Redhat Enterprise Linux Server Aus | =7.3 | |
| Redhat Enterprise Linux Server Aus | =7.4 | |
| Redhat Enterprise Linux Server Aus | =7.6 | |
| Redhat Enterprise Linux Server Aus | =7.7 | |
| Redhat Enterprise Linux Server Aus | =8.2 | |
| Redhat Enterprise Linux Server Eus | =7.6 | |
| Redhat Enterprise Linux Server Eus | =7.7 | |
| Redhat Enterprise Linux Server Eus | =8.1 | |
| Redhat Enterprise Linux Server Tus | =7.4 | |
| Redhat Enterprise Linux Server Tus | =7.6 | |
| Redhat Enterprise Linux Server Tus | =7.7 | |
| Redhat Enterprise Linux Server Tus | =8.2 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| NetApp ONTAP Select Deploy administration utility |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1886936
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
- https://security.netapp.com/advisory/ntap-20220325-0001/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1934248
- https://access.redhat.com/errata/RHSA-2021:0698
- https://access.redhat.com/errata/RHSA-2021:0696
- https://access.redhat.com/errata/RHSA-2021:0697
- https://access.redhat.com/errata/RHSA-2021:0703
- https://access.redhat.com/errata/RHSA-2021:0704
- https://access.redhat.com/errata/RHSA-2021:0702
- https://access.redhat.com/errata/RHSA-2021:0699
- https://access.redhat.com/errata/RHSA-2021:0700
- https://access.redhat.com/errata/RHSA-2021:0701
- https://access.redhat.com/security/cve/cve-2020-25647
- https://access.redhat.com/errata/RHSA-2021:1734
- https://access.redhat.com/errata/RHSA-2021:2566
- https://access.redhat.com/errata/RHSA-2021:2790
- https://access.redhat.com/errata/RHSA-2021:3675
Frequently Asked Questions
What is CVE-2020-25647?
CVE-2020-25647 is a vulnerability found in grub2 versions prior to 2.06 that allows an attacker to trigger memory corruption leading to arbitrary code execution.
How severe is CVE-2020-25647?
CVE-2020-25647 has a severity score of 7.6 (High).
Which software versions are affected by CVE-2020-25647?
Grub2 versions prior to 2.06, Redhat Enterprise Linux versions 7.0 to 8.0, and Fedora versions 33 and 34 are affected by CVE-2020-25647.
How can I fix CVE-2020-25647?
To fix CVE-2020-25647, update your system to grub2 version 2.06 or higher.
Where can I find more information about CVE-2020-25647?
You can find more information about CVE-2020-25647 in the references provided: [Reference 1](https://bugzilla.redhat.com/show_bug.cgi?id=1886936), [Reference 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/), [Reference 3](https://security.gentoo.org/glsa/202104-05).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-25647
- agent/software-canonical-lookup
- vendor/gnu
- canonical/gnu grub2
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.2
- version/redhat enterprise linux server aus/7.3
- version/redhat enterprise linux server aus/7.4
- version/redhat enterprise linux server aus/7.6
- version/redhat enterprise linux server aus/7.7
- version/redhat enterprise linux server aus/8.2
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.6
- version/redhat enterprise linux server eus/7.7
- version/redhat enterprise linux server eus/8.1
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.4
- version/redhat enterprise linux server tus/7.6
- version/redhat enterprise linux server tus/7.7
- version/redhat enterprise linux server tus/8.2
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- vendor/netapp
- canonical/netapp ontap select deploy administration utility
- package-manager/redhat