CVE-2020-14308
GRUB2 < 2.06 - Integer Overflow in Memory Allocator
Severity
MEDIUM
In grub2 versions before 2.06, the GRUB memory allocator does not check for arithmetic overflow in the requested allocation size. A size computed from values the bootloader reads from disk (for example an element count multiplied by an element size) can wrap to a small number, so the allocator returns a buffer that is smaller than the caller expects. Writes into that undersized buffer corrupt heap memory, which can be used to affect integrity, confidentiality and availability during the boot process.
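The following C program is an added illustration of the allocator bug class described above; it is not GRUB code and does not reproduce the exact GRUB call site. It models grub_size_t as a 32-bit type (as on i386 builds) so the wrap is observable, places the unchecked size computation beside an overflow-checked one, and quantifies how far past the granted buffer a caller would write. The element count is a constructed value standing in for untrusted on-disk metadata; safe_calloc, unchecked_array_size and the other helper names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative model, not GRUB code. grub_size_t is 32 bits on i386
 * builds, so sizes are modelled as uint32_t to make the wrap visible. */
typedef uint32_t model_size_t;

/* Vulnerable pattern: the size is computed with plain arithmetic and
 * handed straight to the allocator. The product wraps modulo 2^32. */
static model_size_t unchecked_array_size(model_size_t count, model_size_t elem)
{
    return count * elem;            /* 0x40000001 * 4 wraps to 4 */
}

/* Hardened pattern: refuse any size whose computation overflowed.
 * __builtin_mul_overflow is a GCC/Clang builtin. */
static bool checked_array_size(model_size_t count, model_size_t elem,
                               model_size_t *out)
{
    model_size_t product;
    if (__builtin_mul_overflow(count, elem, &product))
        return false;
    *out = product;
    return true;
}

/* Same check for a header-plus-payload length: addition wraps too. */
static bool checked_total_size(model_size_t header, model_size_t payload,
                               model_size_t *out)
{
    model_size_t total;
    if (__builtin_add_overflow(header, payload, &total))
        return false;
    *out = total;
    return true;
}

/* Bytes the caller would write beyond the buffer the unchecked path
 * returned: enormous in the wrapped case, zero when no overflow occurred. */
static uint64_t bytes_overrun(model_size_t count, model_size_t elem)
{
    uint64_t intended = (uint64_t)count * elem;
    uint64_t granted  = unchecked_array_size(count, elem);
    return intended > granted ? intended - granted : 0;
}

/* calloc-style wrapper a caller should use instead: NULL on overflow. */
static void *safe_calloc(model_size_t count, model_size_t elem)
{
    model_size_t bytes;
    if (!checked_array_size(count, elem, &bytes))
        return NULL;
    return calloc(1, bytes ? bytes : 1);
}

int main(void)
{
    /* Constructed input: an element count as it might be read from
     * untrusted on-disk metadata (hypothetical value, not a real PoC). */
    model_size_t count = 0x40000001u, elem = 4;

    printf("unchecked size: %u bytes\n", unchecked_array_size(count, elem));
    printf("bytes the caller would write past the end: %llu\n",
           (unsigned long long)bytes_overrun(count, elem));

    void *p = safe_calloc(count, elem);
    printf("safe_calloc(0x40000001, 4): %s\n",
           p ? "allocated" : "refused (overflow)");
    free(p);

    p = safe_calloc(1000, elem);
    printf("safe_calloc(1000, 4): %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```

The point to take from the checked variants is that the overflow test has to happen on the size computation itself, before the value reaches the allocator; once a wrapped size is passed in, the allocator has no way to recover the caller's intent. GRUB 2.06 addressed this by adding overflow-checking arithmetic helpers and a calloc-style allocator, which is the same shape as the hardened path above.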
References (10)
https://bugzilla.redhat.com/show_bug.cgi?id=1852009 (Issue Tracking, Third Party Advisory)
http://www.openwall.com/lists/oss-security/2020/07/29/3 (Mailing List, Third Party Advisory)
https://security.netapp.com/advisory/ntap-20200731-0008/ (Third Party Advisory)
https://usn.ubuntu.com/4432-1/ (Vendor Advisory, Ubuntu)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html (Mailing List, Vendor Advisory, SUSE)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html (Mailing List, Vendor Advisory, SUSE)
https://security.gentoo.org/glsa/202104-05 (Vendor Advisory, Gentoo)
http://www.openwall.com/lists/oss-security/2021/09/17/2 (Mailing List, Third Party Advisory)
http://www.openwall.com/lists/oss-security/2021/09/17/4 (Mailing List, Third Party Advisory)
http://www.openwall.com/lists/oss-security/2021/09/21/1 (Mailing List, Third Party Advisory)
Scores
CVSS v3
6.4
EPSS
0.0003
EPSS Percentile
10.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (3)
gnu/grub2
< 2.06
opensuse/leap
15.1
opensuse/leap
15.2
Published
Jul 29, 2020
Tracked Since
Feb 18, 2026