Heap-based buffer overflow in grub - CVE-2020-14308

 

Published: July 30, 2020


Vulnerability identifier: #VU32923
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-14308
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: GNU
Affected software: grub

Detailed vulnerability description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. An attacker with physical access can trigger a heap-based buffer overflow and execute arbitrary code on the target system during the boot process.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


How to mitigate CVE-2020-14308

Install updates from the vendor's website.
