Red Hat 7 update for grub2



Published: 2020-07-30
Risk Low
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2020-10713
CVE-2020-14308
CVE-2020-14309
CVE-2020-14310
CVE-2020-14311
CVE-2020-15705
CVE-2020-15706
CVE-2020-15707
CWE-ID CWE-787
CWE-122
CWE-190
CWE-347
CWE-362
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
grub2 (Red Hat package)
Operating systems & Components / Operating system package or component

shim-signed (Red Hat package)
Operating systems & Components / Operating system package or component

shim (Red Hat package)
Operating systems & Components / Operating system package or component

fwupdate (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat Enterprise Linux for Power, little endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, big endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Scientific Computing
Operating systems & Components / Operating system

Red Hat Enterprise Linux Desktop
Operating systems & Components / Operating system

Red Hat Enterprise Linux Workstation
Operating systems & Components / Operating system

Red Hat Enterprise Linux Server
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Out-of-bounds Write

EUVDB-ID: #VU32922

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-10713

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to a "BootHole" issue. An attacker with physical access can install persistent and stealthy bootkits or malicious bootloaders, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub2 (Red Hat package): 2.02-0.29.el7 - 2.02-0.33.el7_2

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

shim-signed (Red Hat package): before 15-7.el7_8

shim (Red Hat package): before 15-7.el7_9

fwupdate (Red Hat package): before 12-6.el7_8

External links

http://access.redhat.com/errata/RHSA-2020:3217


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Heap-based buffer overflow

EUVDB-ID: #VU32923

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14308

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. An attacker with physical access can trigger heap-based buffer overflow and execute arbitrary code on the target system during the boot process.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub2 (Red Hat package): 2.02-0.29.el7 - 2.02-0.33.el7_2

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

shim-signed (Red Hat package): before 15-7.el7_8

shim (Red Hat package): before 15-7.el7_9

fwupdate (Red Hat package): before 12-6.el7_8

External links

http://access.redhat.com/errata/RHSA-2020:3217


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer overflow

EUVDB-ID: #VU32934

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14309

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when handling symlinks on ext filesustem in grub_squash_read_symlink() function. A local user can create a specially crafted symlink, trigger an integer overflow and crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub2 (Red Hat package): 2.02-0.29.el7 - 2.02-0.33.el7_2

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

shim-signed (Red Hat package): before 15-7.el7_8

shim (Red Hat package): before 15-7.el7_9

fwupdate (Red Hat package): before 12-6.el7_8

External links

http://access.redhat.com/errata/RHSA-2020:3217


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Integer overflow

EUVDB-ID: #VU32935

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14310

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow within the read_section_as_string() function when processing font names. A local user can create a specially crafted font name, trigger integer overflow and crash the affected system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub2 (Red Hat package): 2.02-0.29.el7 - 2.02-0.33.el7_2

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

shim-signed (Red Hat package): before 15-7.el7_8

shim (Red Hat package): before 15-7.el7_9

fwupdate (Red Hat package): before 12-6.el7_8

External links

http://access.redhat.com/errata/RHSA-2020:3217


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU32936

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14311

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow within the grub_ext2_read_link() function when processing symlinks. A local user can create a specially crafted symlink, trigger integer overflow and crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub2 (Red Hat package): 2.02-0.29.el7 - 2.02-0.33.el7_2

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

shim-signed (Red Hat package): before 15-7.el7_8

shim (Red Hat package): before 15-7.el7_9

fwupdate (Red Hat package): before 12-6.el7_8

External links

http://access.redhat.com/errata/RHSA-2020:3217


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU32927

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15705

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the affected software fails to validate kernel signature when booted directly without shim. An attacker with physical access can bypass secure boot.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub2 (Red Hat package): 2.02-0.29.el7 - 2.02-0.33.el7_2

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

shim-signed (Red Hat package): before 15-7.el7_8

shim (Red Hat package): before 15-7.el7_9

fwupdate (Red Hat package): before 12-6.el7_8

External links

http://access.redhat.com/errata/RHSA-2020:3217


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Race condition

EUVDB-ID: #VU32926

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15706

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code and bypass secure boot restriction.

The vulnerability exists due to a race condition in the "grub_script_function_create()" function. An attacker with physical access can exploit the race and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub2 (Red Hat package): 2.02-0.29.el7 - 2.02-0.33.el7_2

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

shim-signed (Red Hat package): before 15-7.el7_8

shim (Red Hat package): before 15-7.el7_9

fwupdate (Red Hat package): before 12-6.el7_8

External links

http://access.redhat.com/errata/RHSA-2020:3217


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

EUVDB-ID: #VU32925

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15707

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the "grub_cmd_initrd" and "grub_initrd_init" functions in the "efilinux" component. An attacker with physical access can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

grub2 (Red Hat package): 2.02-0.29.el7 - 2.02-0.33.el7_2

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

shim-signed (Red Hat package): before 15-7.el7_8

shim (Red Hat package): before 15-7.el7_9

fwupdate (Red Hat package): before 12-6.el7_8

External links

http://access.redhat.com/errata/RHSA-2020:3217


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###