rhsa-2020_3223
Vulnerability from csaf_redhat
Published
2020-07-29 19:40
Modified
2024-12-01 12:14
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2, shim, shim-unsigned-x64, and fwupd is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
[Updated 3 August 2020]
The shim and shim-unsigned-x64 packages distributed with this erratum have a known bug that can cause the boot process to hang on some systems. To prevent boot problems, customers are strongly recommended not to use the shim packages released with this erratum, and instead to apply the newer packages within RHBA-2020:3263, that were released on 1 August 2020 to address this issue.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.
The fwupd packages provide a service that allows session software to update device firmware.
Security Fix(es):
* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)
* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)
* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)
* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)
* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)
* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)
* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)
* grub2: Integer overflow in initrd size handling (CVE-2020-15707)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for grub2, shim, shim-unsigned-x64, and fwupd is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 3 August 2020]\n\nThe shim and shim-unsigned-x64 packages distributed with this erratum have a known bug that can cause the boot process to hang on some systems. To prevent boot problems, customers are strongly recommended not to use the shim packages released with this erratum, and instead to apply the newer packages within RHBA-2020:3263, that were released on 1 August 2020 to address this issue.", "title": "Topic" }, { "category": "general", "text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nThe fwupd packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)\n\n* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n* grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3223", "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/grub2bootloader", "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHBA-2020:3263", "url": "https://access.redhat.com/errata/RHBA-2020:3263" }, { "category": "external", "summary": "1825243", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243" }, { "category": "external", "summary": "1852009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009" }, { "category": "external", "summary": "1852014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852014" }, { "category": "external", "summary": "1852022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022" }, { "category": "external", "summary": "1852030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852030" }, { "category": "external", "summary": "1860978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860978" }, { "category": "external", "summary": "1861118", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861118" }, { "category": "external", "summary": "1861581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861581" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3223.json" } ], "title": "Red Hat Security Advisory: grub2 security update", "tracking": { "current_release_date": "2024-12-01T12:14:13+00:00", "generator": { "date": "2024-12-01T12:14:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:3223", "initial_release_date": "2020-07-29T19:40:03+00:00", "revision_history": [ { "date": "2020-07-29T19:40:03+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-03T16:00:05+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-01T12:14:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat CodeReady Linux Builder EUS (v. 8.1)", "product": { "name": "Red Hat CodeReady Linux Builder EUS (v. 8.1)", "product_id": "CRB-8.1.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.1::crb" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product": { "name": "Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:8.1::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "shim-unsigned-x64-0:15-7.el8.x86_64", "product": { "name": "shim-unsigned-x64-0:15-7.el8.x86_64", "product_id": "shim-unsigned-x64-0:15-7.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/shim-unsigned-x64@15-7.el8?arch=x86_64" } } }, { "category": "product_version", "name": "grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "product_id": "grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-ia32@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "product_id": "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-x64-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-efi-x64-1:2.02-87.el8_1.x86_64", "product_id": "grub2-efi-x64-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-x64@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "product_id": "grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-pc-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-pc-1:2.02-87.el8_1.x86_64", "product_id": "grub2-pc-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-pc@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-tools-1:2.02-87.el8_1.x86_64", "product_id": "grub2-tools-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-efi-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-tools-efi-1:2.02-87.el8_1.x86_64", "product_id": "grub2-tools-efi-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-efi@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-extra-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-tools-extra-1:2.02-87.el8_1.x86_64", "product_id": "grub2-tools-extra-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "product_id": "grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-debugsource-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-debugsource-1:2.02-87.el8_1.x86_64", "product_id": "grub2-debugsource-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-debuginfo-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-debuginfo-1:2.02-87.el8_1.x86_64", "product_id": "grub2-debuginfo-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "product_id": "grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "product_id": "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "product_id": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "product": { "name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "product_id": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "fwupd-0:1.1.4-2.el8_1.x86_64", "product": { "name": "fwupd-0:1.1.4-2.el8_1.x86_64", "product_id": "fwupd-0:1.1.4-2.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd@1.1.4-2.el8_1?arch=x86_64" } } }, { "category": "product_version", "name": "fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "product": { "name": "fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "product_id": "fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd-debugsource@1.1.4-2.el8_1?arch=x86_64" } } }, { "category": "product_version", "name": "fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "product": { "name": "fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "product_id": "fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd-debuginfo@1.1.4-2.el8_1?arch=x86_64" } } }, { "category": "product_version", "name": "shim-ia32-0:15-14.el8_1.x86_64", "product": { "name": "shim-ia32-0:15-14.el8_1.x86_64", "product_id": "shim-ia32-0:15-14.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/shim-ia32@15-14.el8_1?arch=x86_64" } } }, { "category": "product_version", "name": "shim-x64-0:15-14.el8_1.x86_64", "product": { "name": "shim-x64-0:15-14.el8_1.x86_64", "product_id": "shim-x64-0:15-14.el8_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/shim-x64@15-14.el8_1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "shim-unsigned-x64-0:15-7.el8.src", "product": { "name": "shim-unsigned-x64-0:15-7.el8.src", "product_id": "shim-unsigned-x64-0:15-7.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/shim-unsigned-x64@15-7.el8?arch=src" } } }, { "category": "product_version", "name": "grub2-1:2.02-87.el8_1.src", "product": { "name": "grub2-1:2.02-87.el8_1.src", "product_id": "grub2-1:2.02-87.el8_1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2@2.02-87.el8_1?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "fwupd-0:1.1.4-2.el8_1.src", "product": { "name": "fwupd-0:1.1.4-2.el8_1.src", "product_id": "fwupd-0:1.1.4-2.el8_1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd@1.1.4-2.el8_1?arch=src" } } }, { "category": "product_version", "name": "shim-0:15-14.el8_1.src", "product": { "name": "shim-0:15-14.el8_1.src", "product_id": "shim-0:15-14.el8_1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/shim@15-14.el8_1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "grub2-common-1:2.02-87.el8_1.noarch", "product": { "name": "grub2-common-1:2.02-87.el8_1.noarch", "product_id": "grub2-common-1:2.02-87.el8_1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-common@2.02-87.el8_1?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "product": { "name": "grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "product_id": "grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-87.el8_1?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "product": { "name": "grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "product_id": "grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-87.el8_1?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "product": { "name": "grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "product_id": "grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-87.el8_1?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-pc-modules-1:2.02-87.el8_1.noarch", "product": { "name": "grub2-pc-modules-1:2.02-87.el8_1.noarch", "product_id": "grub2-pc-modules-1:2.02-87.el8_1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-pc-modules@2.02-87.el8_1?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "product": { "name": "grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "product_id": "grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-87.el8_1?arch=noarch\u0026epoch=1" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "product": { "name": "grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "product_id": "grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-aa64@2.02-87.el8_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "product": { "name": "grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "product_id": "grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.02-87.el8_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-1:2.02-87.el8_1.aarch64", "product": { "name": "grub2-tools-1:2.02-87.el8_1.aarch64", "product_id": "grub2-tools-1:2.02-87.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools@2.02-87.el8_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-extra-1:2.02-87.el8_1.aarch64", "product": { "name": "grub2-tools-extra-1:2.02-87.el8_1.aarch64", "product_id": "grub2-tools-extra-1:2.02-87.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "product": { "name": "grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "product_id": "grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-debugsource-1:2.02-87.el8_1.aarch64", "product": { "name": "grub2-debugsource-1:2.02-87.el8_1.aarch64", "product_id": "grub2-debugsource-1:2.02-87.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-debuginfo-1:2.02-87.el8_1.aarch64", "product": { "name": "grub2-debuginfo-1:2.02-87.el8_1.aarch64", "product_id": "grub2-debuginfo-1:2.02-87.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "product": { "name": "grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "product_id": "grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "product": { "name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "product_id": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "product": { "name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "product_id": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "fwupd-0:1.1.4-2.el8_1.aarch64", "product": { "name": "fwupd-0:1.1.4-2.el8_1.aarch64", "product_id": "fwupd-0:1.1.4-2.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd@1.1.4-2.el8_1?arch=aarch64" } } }, { "category": "product_version", "name": "fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "product": { "name": "fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "product_id": "fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd-debugsource@1.1.4-2.el8_1?arch=aarch64" } } }, { "category": "product_version", "name": "fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "product": { "name": "fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "product_id": "fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd-debuginfo@1.1.4-2.el8_1?arch=aarch64" } } }, { "category": "product_version", "name": "shim-aa64-0:15-14.el8_1.aarch64", "product": { "name": "shim-aa64-0:15-14.el8_1.aarch64", "product_id": "shim-aa64-0:15-14.el8_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/shim-aa64@15-14.el8_1?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "product": { "name": "grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "product_id": "grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-ppc64le@2.02-87.el8_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-1:2.02-87.el8_1.ppc64le", "product": { "name": "grub2-tools-1:2.02-87.el8_1.ppc64le", "product_id": "grub2-tools-1:2.02-87.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools@2.02-87.el8_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "product": { "name": "grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "product_id": "grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-87.el8_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "product": { "name": "grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "product_id": "grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-87.el8_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-debugsource-1:2.02-87.el8_1.ppc64le", "product": { "name": "grub2-debugsource-1:2.02-87.el8_1.ppc64le", "product_id": "grub2-debugsource-1:2.02-87.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-debugsource@2.02-87.el8_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "product": { "name": "grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "product_id": "grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-87.el8_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "product": { "name": "grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "product_id": "grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.02-87.el8_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "product": { "name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "product_id": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.02-87.el8_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "product": { "name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "product_id": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.02-87.el8_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "fwupd-0:1.1.4-2.el8_1.ppc64le", "product": { "name": "fwupd-0:1.1.4-2.el8_1.ppc64le", "product_id": "fwupd-0:1.1.4-2.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd@1.1.4-2.el8_1?arch=ppc64le" } } }, { "category": "product_version", "name": "fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "product": { "name": "fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "product_id": "fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd-debugsource@1.1.4-2.el8_1?arch=ppc64le" } } }, { "category": "product_version", "name": "fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "product": { "name": "fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "product_id": "fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd-debuginfo@1.1.4-2.el8_1?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "fwupd-0:1.1.4-2.el8_1.s390x", "product": { "name": "fwupd-0:1.1.4-2.el8_1.s390x", "product_id": "fwupd-0:1.1.4-2.el8_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd@1.1.4-2.el8_1?arch=s390x" } } }, { "category": "product_version", "name": "fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "product": { "name": "fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "product_id": "fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd-debugsource@1.1.4-2.el8_1?arch=s390x" } } }, { "category": "product_version", "name": "fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "product": { "name": "fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "product_id": "fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/fwupd-debuginfo@1.1.4-2.el8_1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "fwupd-0:1.1.4-2.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64" }, "product_reference": "fwupd-0:1.1.4-2.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "fwupd-0:1.1.4-2.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le" }, "product_reference": "fwupd-0:1.1.4-2.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "fwupd-0:1.1.4-2.el8_1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x" }, "product_reference": "fwupd-0:1.1.4-2.el8_1.s390x", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "fwupd-0:1.1.4-2.el8_1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src" }, "product_reference": "fwupd-0:1.1.4-2.el8_1.src", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "fwupd-0:1.1.4-2.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64" }, "product_reference": "fwupd-0:1.1.4-2.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64" }, "product_reference": "fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le" }, "product_reference": "fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "fwupd-debuginfo-0:1.1.4-2.el8_1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x" }, "product_reference": "fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64" }, "product_reference": "fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "fwupd-debugsource-0:1.1.4-2.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64" }, "product_reference": "fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le" }, "product_reference": "fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "fwupd-debugsource-0:1.1.4-2.el8_1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x" }, "product_reference": "fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "fwupd-debugsource-0:1.1.4-2.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64" }, "product_reference": "fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-1:2.02-87.el8_1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src" }, "product_reference": "grub2-1:2.02-87.el8_1.src", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-common-1:2.02-87.el8_1.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch" }, "product_reference": "grub2-common-1:2.02-87.el8_1.noarch", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-debuginfo-1:2.02-87.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64" }, "product_reference": "grub2-debuginfo-1:2.02-87.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-debuginfo-1:2.02-87.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le" }, "product_reference": "grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-debuginfo-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-debuginfo-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-debugsource-1:2.02-87.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64" }, "product_reference": "grub2-debugsource-1:2.02-87.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-debugsource-1:2.02-87.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le" }, "product_reference": "grub2-debugsource-1:2.02-87.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-debugsource-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-debugsource-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-aa64-1:2.02-87.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64" }, "product_reference": "grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64" }, "product_reference": "grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch" }, "product_reference": "grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-ia32-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch" }, "product_reference": "grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-x64-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-efi-x64-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-x64-modules-1:2.02-87.el8_1.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch" }, "product_reference": "grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-pc-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-pc-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-pc-modules-1:2.02-87.el8_1.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch" }, "product_reference": "grub2-pc-modules-1:2.02-87.el8_1.noarch", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-ppc64le-1:2.02-87.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le" }, "product_reference": "grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-ppc64le-modules-1:2.02-87.el8_1.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch" }, "product_reference": "grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-1:2.02-87.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64" }, "product_reference": "grub2-tools-1:2.02-87.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-1:2.02-87.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le" }, "product_reference": "grub2-tools-1:2.02-87.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-tools-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64" }, "product_reference": "grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le" }, "product_reference": "grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-efi-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-tools-efi-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-extra-1:2.02-87.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64" }, "product_reference": "grub2-tools-extra-1:2.02-87.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-extra-1:2.02-87.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le" }, "product_reference": "grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-extra-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-tools-extra-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64" }, "product_reference": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le" }, "product_reference": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-minimal-1:2.02-87.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64" }, "product_reference": "grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-minimal-1:2.02-87.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le" }, "product_reference": "grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-minimal-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64" }, "product_reference": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le" }, "product_reference": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64" }, "product_reference": "grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-0:15-14.el8_1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src" }, "product_reference": "shim-0:15-14.el8_1.src", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-aa64-0:15-14.el8_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64" }, "product_reference": "shim-aa64-0:15-14.el8_1.aarch64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-ia32-0:15-14.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64" }, "product_reference": "shim-ia32-0:15-14.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-x64-0:15-14.el8_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 8.1)", "product_id": "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64" }, "product_reference": "shim-x64-0:15-14.el8_1.x86_64", "relates_to_product_reference": "BaseOS-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-unsigned-x64-0:15-7.el8.src as a component of Red Hat CodeReady Linux Builder EUS (v. 8.1)", "product_id": "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src" }, "product_reference": "shim-unsigned-x64-0:15-7.el8.src", "relates_to_product_reference": "CRB-8.1.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-unsigned-x64-0:15-7.el8.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v. 8.1)", "product_id": "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" }, "product_reference": "shim-unsigned-x64-0:15-7.el8.x86_64", "relates_to_product_reference": "CRB-8.1.0.Z.EUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Jesse Michael", "Mickey Shkatov" ], "organization": "Eclypsium" } ], "cve": "CVE-2020-10713", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2020-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825243" } ], "notes": [ { "category": "description", "text": "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process", "title": "Vulnerability summary" }, { "category": "other", "text": "Kernel and kernel-rt packages as shipped with Red Hat Enterprise Linux 7 and 8 are being updated to contain the new Red Hat certificate for secure boot.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10713" }, { "category": "external", "summary": "RHBZ#1825243", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243" }, { "category": "external", "summary": "RHSB-grub2bootloader", "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10713", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10713" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10713", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10713" }, { "category": "external", "summary": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html", "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html" }, { "category": "external", "summary": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/", "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2020/07/29/3", "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-29T19:40:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "category": "workaround", "details": "There is no mitigation for the flaw.", "product_ids": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process" }, { "acknowledgments": [ { "names": [ "Chris Coulson" ], "organization": "Ubuntu Security Team" } ], "cve": "CVE-2020-14308", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-06-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852009" } ], "notes": [ { "category": "description", "text": "A flaw was found in current grub2 versions as shipped with Red Hat Enterprise Linux 7 and 8, where the grub memory allocator doesn\u0027t check for possible arithmetic overflows on the requested allocation size. This issue leads the function to return invalid memory allocations, causing heap-based overflows in several code paths. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14308" }, { "category": "external", "summary": "RHBZ#1852009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14308", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14308" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14308", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14308" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-29T19:40:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow" }, { "acknowledgments": [ { "names": [ "Chris Coulson" ], "organization": "Ubuntu Security Team" } ], "cve": "CVE-2020-14309", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-06-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852022" } ], "notes": [ { "category": "description", "text": "A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14309" }, { "category": "external", "summary": "RHBZ#1852022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14309", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14309" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14309", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14309" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-29T19:40:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow" }, { "acknowledgments": [ { "names": [ "Chris Coulson" ], "organization": "Ubuntu Security Team" } ], "cve": "CVE-2020-14310", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-06-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852030" } ], "notes": [ { "category": "description", "text": "A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability is to data integrity and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14310" }, { "category": "external", "summary": "RHBZ#1852030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852030" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14310", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14310" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14310", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14310" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-29T19:40:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow" }, { "acknowledgments": [ { "names": [ "Chris Coulson" ], "organization": "Ubuntu Security Team" } ], "cve": "CVE-2020-14311", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-06-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852014" } ], "notes": [ { "category": "description", "text": "A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this vulnerability is to integrity and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14311" }, { "category": "external", "summary": "RHBZ#1852014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852014" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14311", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14311" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14311", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14311" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-29T19:40:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow" }, { "cve": "CVE-2020-15705", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2020-07-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1860978" } ], "notes": [ { "category": "description", "text": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Fail kernel validation without shim protocol", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15705" }, { "category": "external", "summary": "RHBZ#1860978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15705", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15705" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15705", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15705" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-29T19:40:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Fail kernel validation without shim protocol" }, { "acknowledgments": [ { "names": [ "Chris Coulson" ], "organization": "Canonical" } ], "cve": "CVE-2020-15706", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2020-07-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1861118" } ], "notes": [ { "category": "description", "text": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Use-after-free redefining a function whilst the same function is already executing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15706" }, { "category": "external", "summary": "RHBZ#1861118", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861118" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15706", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15706" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15706", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15706" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-29T19:40:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Use-after-free redefining a function whilst the same function is already executing" }, { "acknowledgments": [ { "names": [ "Chris Coulson" ], "organization": "Canonical" }, { "names": [ "Colin Watson" ], "organization": "Debian / Canonical Ltd." } ], "cve": "CVE-2020-15707", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2020-07-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1861581" } ], "notes": [ { "category": "description", "text": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Integer overflow in initrd size handling", "title": "Vulnerability summary" }, { "category": "other", "text": "There\u0027s no mitigation available other than installing the update packages.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15707" }, { "category": "external", "summary": "RHBZ#1861581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861581" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15707", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15707" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15707", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15707" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-07-29T19:40:03+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3223" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.src", "BaseOS-8.1.0.Z.EUS:fwupd-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debuginfo-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.s390x", "BaseOS-8.1.0.Z.EUS:fwupd-debugsource-0:1.1.4-2.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-1:2.02-87.el8_1.src", "BaseOS-8.1.0.Z.EUS:grub2-common-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-debugsource-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-cdboot-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-efi-aa64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-ia32-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-cdboot-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-efi-x64-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-pc-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-pc-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-ppc64le-modules-1:2.02-87.el8_1.noarch", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-efi-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-extra-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.ppc64le", "BaseOS-8.1.0.Z.EUS:grub2-tools-minimal-debuginfo-1:2.02-87.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-0:15-14.el8_1.src", "BaseOS-8.1.0.Z.EUS:shim-aa64-0:15-14.el8_1.aarch64", "BaseOS-8.1.0.Z.EUS:shim-ia32-0:15-14.el8_1.x86_64", "BaseOS-8.1.0.Z.EUS:shim-x64-0:15-14.el8_1.x86_64", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.src", "CRB-8.1.0.Z.EUS:shim-unsigned-x64-0:15-7.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Integer overflow in initrd size handling" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.