Show vulnerabilities with patch / with exploit

Multiple vulnerabilities in GRUB2



Published: 2020-07-30
Severity Low
Patch available YES
Number of vulnerabilities 5
CVE ID CVE-2020-10713
CVE-2020-14308
CVE-2020-14309
CVE-2020-14310
CVE-2020-14311
CWE ID CWE-787
CWE-122
CWE-190
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
grub
Universal components / Libraries / Libraries used by multiple products

Vendor GNU

Security Advisory

1) Out-of-bounds Write

Severity: Low

CVSSv3: 6.1 [CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-10713

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: Yes [Search exploit]

Description

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to a "BootHole" issue. An attacker with physical access can install persistent and stealthy bootkits or malicious bootloaders, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub: 1.99, 2.00, 2.02, 2.04, 2.05

CPE External links

https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
https://access.redhat.com/security/cve/CVE-2020-10713

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Heap-based buffer overflow

Severity: Low

CVSSv3: 5.9 [CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-14308

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. An attacker with physical access can trigger heap-based buffer overflow and execute arbitrary code on the target system during the boot process.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub: 1.99, 2.00, 2.02, 2.04, 2.05

CPE External links

http://www.openwall.com/lists/oss-security/2020/07/29/3
https://bugzilla.redhat.com/show_bug.cgi?id=1852009

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer overflow

Severity: Low

CVSSv3: 5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-14309

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when handling symlinks on ext filesustem in grub_squash_read_symlink() function. A local user can create a specially crafted symlink, trigger an integer overflow and crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub: 2.00, 2.02, 2.04, 2.05

CPE External links

https://bugzilla.redhat.com/show_bug.cgi?id=1852022

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Integer overflow

Severity: Low

CVSSv3: 5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-14310

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow within the read_section_as_string() function when processing font names. A local user can create a specially crafted font name, trigger integer overflow and crash the affected system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub: 2.00, 2.02, 2.04, 2.05

CPE External links

https://bugzilla.redhat.com/show_bug.cgi?id=1852030

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

Severity: Low

CVSSv3: 5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-14311

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow within the grub_ext2_read_link() function when processing symlinks. A local user can create a specially crafted symlink, trigger integer overflow and crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub: 2.00, 2.02, 2.04, 2.05

CPE External links

https://bugzilla.redhat.com/show_bug.cgi?id=1852014

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.