CVE-2020-10713
A flaw was found in the grub.cfg parsing code that allows breaking
UEFI Secure Boot and loading arbitrary code. Details can be found at
CVE-2020-14308
It was discovered that grub_malloc does not validate the allocation
size, allowing for arithmetic overflow and, subsequently, a heap-based
buffer overflow.
CVE-2020-14309
An integer overflow in grub_squash_read_symlink may lead to a heap-
based buffer overflow.
CVE-2020-14310
An integer overflow in read_section_from_string may lead to a heap-
based buffer overflow.
CVE-2020-14311
An integer overflow in grub_ext2_read_link may lead to a heap-based
buffer overflow.
CVE-2020-15706
script: Avoid a use-after-free when redefining a function during
execution.
CVE-2020-15707
An integer overflow flaw was found in the initrd size handling.
Further detailed information can be found at
For the stable distribution (buster), these problems have been fixed in
version 2.02+dfsg1-20+deb10u1.
We recommend that ...
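The integer-overflow entries above (CVE-2020-14308 through CVE-2020-14311 and CVE-2020-15707) share one pattern: a size is computed from untrusted input, wraps around, and the resulting allocation is too small. The following is an added illustration of that pattern next to a checked form; it is not GRUB's code or the Debian patch. The function names are hypothetical, and the overflow builtins assume GCC 5+ or Clang.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern: for len == SIZE_MAX, len + 1 wraps to 0, so the
   allocator hands back a tiny buffer and a later copy overruns the heap. */
size_t unchecked_size(size_t len)
{
    return len + 1;
}

/* Checked form: computes count * elem_size + extra into *out.
   Returns 0 on success, -1 if any step would wrap around. */
int checked_size(size_t count, size_t elem_size, size_t extra, size_t *out)
{
    size_t bytes;

    if (__builtin_mul_overflow(count, elem_size, &bytes))
        return -1;
    if (__builtin_add_overflow(bytes, extra, out))
        return -1;
    return 0;
}

/* Hypothetical helper: copy a link target whose length field comes from
   an on-disk structure into a NUL-terminated heap buffer. The length is
   rejected if it exceeds the bytes actually available or if the
   allocation size cannot be represented. */
char *copy_link_target(const unsigned char *src, size_t avail,
                       size_t claimed_len)
{
    size_t need;
    char *buf;

    if (claimed_len > avail)
        return NULL;
    if (checked_size(claimed_len, 1, 1, &need) != 0)
        return NULL;
    buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, claimed_len);
    buf[claimed_len] = '\0';
    return buf;
}
```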