rhsa-2020_3273
Vulnerability from csaf_redhat
Published: 2020-08-03 10:59
Modified: 2024-11-05 22:36
Summary
Red Hat Security Advisory: grub2 security and bug fix update
Notes
Topic
An update for grub2, shim, and shim-signed is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.
Security Fix(es):
* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)
* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)
* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)
* grub2: Integer overflow in read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)
* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)
* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)
* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* grub2 should get resynced with 7.8 branch (BZ#1861861)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for grub2, shim, and shim-signed is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. 
The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)\n\n* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* grub2 should get resynced with 7.8 branch (BZ#1861861)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3273", "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/grub2bootloader", "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader" }, { "category": "external", "summary": "1825243", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243" }, { "category": "external", "summary": "1852009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009" }, { "category": "external", "summary": "1852014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852014" }, { "category": "external", "summary": "1852022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022" }, { "category": "external", "summary": "1852030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852030" }, { "category": "external", "summary": "1860978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860978" }, { "category": "external", "summary": "1861118", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861118" }, { "category": "external", "summary": "1861861", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861861" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3273.json" } ], "title": "Red Hat Security Advisory: 
grub2 security and bug fix update", "tracking": { "current_release_date": "2024-11-05T22:36:41+00:00", "generator": { "date": "2024-11-05T22:36:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:3273", "initial_release_date": "2020-08-03T10:59:05+00:00", "revision_history": [ { "date": "2020-08-03T10:59:05+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-08-03T10:59:05+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:36:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)", "product": { "name": "Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:7.2::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product": { "name": "Red Hat Enterprise Linux Server Optional AUS (v. 
7.2)", "product_id": "7Server-optional-7.2.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:7.2::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "grub2-1:2.02-0.86.el7_2.x86_64", "product": { "name": "grub2-1:2.02-0.86.el7_2.x86_64", "product_id": "grub2-1:2.02-0.86.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2@2.02-0.86.el7_2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "product": { "name": "grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "product_id": "grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-ia32@2.02-0.86.el7_2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "product": { "name": "grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "product_id": "grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-x64@2.02-0.86.el7_2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-pc-1:2.02-0.86.el7_2.x86_64", "product": { "name": "grub2-pc-1:2.02-0.86.el7_2.x86_64", "product_id": "grub2-pc-1:2.02-0.86.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-pc@2.02-0.86.el7_2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-1:2.02-0.86.el7_2.x86_64", "product": { "name": "grub2-tools-1:2.02-0.86.el7_2.x86_64", "product_id": "grub2-tools-1:2.02-0.86.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools@2.02-0.86.el7_2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "product": { "name": "grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "product_id": "grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-extra@2.02-0.86.el7_2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "product": { "name": "grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "product_id": "grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-tools-minimal@2.02-0.86.el7_2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "product": { "name": "grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "product_id": "grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-debuginfo@2.02-0.86.el7_2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "product": { "name": "grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "product_id": "grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-ia32-cdboot@2.02-0.86.el7_2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "product": { "name": "grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "product_id": "grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.02-0.86.el7_2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "shim-unsigned-ia32-0:15-8.el7.x86_64", "product": { "name": "shim-unsigned-ia32-0:15-8.el7.x86_64", "product_id": "shim-unsigned-ia32-0:15-8.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/shim-unsigned-ia32@15-8.el7?arch=x86_64" } } }, { "category": "product_version", "name": "shim-unsigned-x64-0:15-8.el7.x86_64", "product": { "name": "shim-unsigned-x64-0:15-8.el7.x86_64", "product_id": 
"shim-unsigned-x64-0:15-8.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/shim-unsigned-x64@15-8.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mokutil-0:15-8.el7_2.x86_64", "product": { "name": "mokutil-0:15-8.el7_2.x86_64", "product_id": "mokutil-0:15-8.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mokutil@15-8.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "shim-0:15-8.el7_2.x86_64", "product": { "name": "shim-0:15-8.el7_2.x86_64", "product_id": "shim-0:15-8.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/shim@15-8.el7_2?arch=x86_64" } } }, { "category": "product_version", "name": "mokutil-debuginfo-0:15-8.el7_2.x86_64", "product": { "name": "mokutil-debuginfo-0:15-8.el7_2.x86_64", "product_id": "mokutil-debuginfo-0:15-8.el7_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mokutil-debuginfo@15-8.el7_2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "grub2-1:2.02-0.86.el7_2.src", "product": { "name": "grub2-1:2.02-0.86.el7_2.src", "product_id": "grub2-1:2.02-0.86.el7_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2@2.02-0.86.el7_2?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "shim-0:15-8.el7.src", "product": { "name": "shim-0:15-8.el7.src", "product_id": "shim-0:15-8.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/shim@15-8.el7?arch=src" } } }, { "category": "product_version", "name": "shim-signed-0:15-8.el7_2.src", "product": { "name": "shim-signed-0:15-8.el7_2.src", "product_id": "shim-signed-0:15-8.el7_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/shim-signed@15-8.el7_2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "grub2-common-1:2.02-0.86.el7_2.noarch", "product": { "name": 
"grub2-common-1:2.02-0.86.el7_2.noarch", "product_id": "grub2-common-1:2.02-0.86.el7_2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-common@2.02-0.86.el7_2?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "product": { "name": "grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "product_id": "grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-ia32-modules@2.02-0.86.el7_2?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "product": { "name": "grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "product_id": "grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.02-0.86.el7_2?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "product": { "name": "grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "product_id": "grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-pc-modules@2.02-0.86.el7_2?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "product": { "name": "grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "product_id": "grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-ppc64-modules@2.02-0.86.el7_2?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "product": { "name": "grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "product_id": "grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.02-0.86.el7_2?arch=noarch\u0026epoch=1" } } }, { "category": 
"product_version", "name": "grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "product": { "name": "grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "product_id": "grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.02-0.86.el7_2?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "product": { "name": "grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "product_id": "grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/grub2-ppc-modules@2.02-0.86.el7_2?arch=noarch\u0026epoch=1" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "grub2-1:2.02-0.86.el7_2.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src" }, "product_reference": "grub2-1:2.02-0.86.el7_2.src", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-common-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 
7.2)", "product_id": "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-common-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-debuginfo-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 
7.2)", "product_id": "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-x64-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-pc-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-pc-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-pc-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 
7.2)", "product_id": "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-ppc-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-tools-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-extra-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 
7.2)", "product_id": "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "mokutil-0:15-8.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64" }, "product_reference": "mokutil-0:15-8.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "mokutil-debuginfo-0:15-8.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64" }, "product_reference": "mokutil-debuginfo-0:15-8.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-0:15-8.el7.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:shim-0:15-8.el7.src" }, "product_reference": "shim-0:15-8.el7.src", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-0:15-8.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 
7.2)", "product_id": "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64" }, "product_reference": "shim-0:15-8.el7_2.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-signed-0:15-8.el7_2.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src" }, "product_reference": "shim-signed-0:15-8.el7_2.src", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-unsigned-ia32-0:15-8.el7.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64" }, "product_reference": "shim-unsigned-ia32-0:15-8.el7.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-unsigned-x64-0:15-8.el7.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.2)", "product_id": "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" }, "product_reference": "shim-unsigned-x64-0:15-8.el7.x86_64", "relates_to_product_reference": "7Server-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-1:2.02-0.86.el7_2.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src" }, "product_reference": "grub2-1:2.02-0.86.el7_2.src", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 
7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-common-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-common-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-debuginfo-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 
7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-x64-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server Optional AUS (v. 
7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-pc-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-pc-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-pc-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-ppc-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server Optional AUS (v. 
7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch" }, "product_reference": "grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-tools-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-extra-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64" }, "product_reference": "grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-0:15-8.el7.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 
7.2)", "product_id": "7Server-optional-7.2.AUS:shim-0:15-8.el7.src" }, "product_reference": "shim-0:15-8.el7.src", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-unsigned-ia32-0:15-8.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64" }, "product_reference": "shim-unsigned-ia32-0:15-8.el7.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "shim-unsigned-x64-0:15-8.el7.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.2)", "product_id": "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" }, "product_reference": "shim-unsigned-x64-0:15-8.el7.x86_64", "relates_to_product_reference": "7Server-optional-7.2.AUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Jesse Michael", "Mickey Shkatov" ], "organization": "Eclypsium" } ], "cve": "CVE-2020-10713", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2020-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825243" } ], "notes": [ { "category": "description", "text": "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. 
With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process", "title": "Vulnerability summary" }, { "category": "other", "text": "Kernel and kernel-rt packages as shipped with Red Hat Enterprise Linux 7 and 8 are being updated to contain the new Red Hat certificate for secure boot.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", 
"7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", 
"7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10713" }, { "category": "external", "summary": "RHBZ#1825243", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243" }, { "category": "external", "summary": "RHSB-grub2bootloader", "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10713", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10713" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10713", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10713" }, { "category": "external", "summary": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html", "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html" }, { "category": "external", "summary": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/", "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2020/07/29/3", "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-03T10:59:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", 
"7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", 
"7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "category": "workaround", "details": "There is no mitigation for the flaw.", "product_ids": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", 
"7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", 
"availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", 
"7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process" }, { "acknowledgments": [ { "names": [ "Chris Coulson" ], "organization": "Ubuntu Security Team" } ], "cve": "CVE-2020-14308", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-06-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852009" } ], "notes": [ { "category": "description", "text": "A flaw was found in current grub2 versions as shipped with Red Hat Enterprise Linux 7 and 8, where the grub memory allocator doesn\u0027t check for 
possible arithmetic overflows on the requested allocation size. This issue leads the function to return invalid memory allocations, causing heap-based overflows in several code paths. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", 
"7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14308" }, { "category": 
"external", "summary": "RHBZ#1852009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14308", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14308" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14308", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14308" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-03T10:59:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", 
"7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3273" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": 
"MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", 
"7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow" }, { "acknowledgments": [ { "names": [ "Chris Coulson" ], "organization": "Ubuntu Security Team" } ], "cve": "CVE-2020-14309", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-06-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852022" } ], "notes": [ { "category": "description", "text": "A flaw was found in grub2. 
When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", 
"7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2020-14309" }, { "category": "external", "summary": "RHBZ#1852022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14309", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14309" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14309", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14309" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-03T10:59:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", 
"7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3273" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", 
"availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", 
"7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow" }, { "acknowledgments": [ { "names": [ "Chris Coulson" ], "organization": "Ubuntu Security Team" } ], "cve": "CVE-2020-14310", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-06-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852030" } ], "notes": [ { "category": "description", "text": "A flaw was found in grub2. 
An expected font value is not verified before proceeding with buffer allocations, allowing an attacker to use a malicious font file to trigger an arithmetic overflow, a zero-sized allocation, and a subsequent heap-based buffer overflow. The highest threat from this vulnerability is to data integrity and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", 
"7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14310" }, { "category": 
"external", "summary": "RHBZ#1852030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852030" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14310", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14310" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14310", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14310" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-03T10:59:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", 
"7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3273" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": 
"MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", 
"7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow" }, { "acknowledgments": [ { "names": [ "Chris Coulson" ], "organization": "Ubuntu Security Team" } ], "cve": "CVE-2020-14311", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-06-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852014" } ], "notes": [ { "category": "description", "text": "A flaw was found in grub2 while handling symlinks on ext filesystems. 
A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this vulnerability is to integrity and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", 
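The three heap-overflow entries above (CVE-2020-14309 in grub_squash_read_symlink, CVE-2020-14310 in read_section_as_string, CVE-2020-14311 in grub_ext2_read_link) share one bug shape: a 32-bit length is read from attacker-controlled on-disk data, one is added for the terminating NUL, and the sum silently wraps to zero, so the allocation succeeds with no usable space while the copy that follows still uses the original length. The C below is an added illustration of that pattern and of the overflow-checked fix, written for this page; it is not grub2 code. The four-byte length prefix, the function names and the error codes are hypothetical simplifications of the real ext2/squashfs/font structures, and the checked-addition helper only mirrors the idea of the overflow-safe arithmetic the upstream fixes introduced.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not grub2 code. Constructed on-disk layout for the
 * example: a 4-byte little-endian length, then that many bytes of link
 * target (hypothetical; simpler than the real ext2/squashfs inodes). */

enum { RD_OK = 0, RD_ERR_OVERFLOW = 1, RD_ERR_TRUNCATED = 2, RD_ERR_NOMEM = 3 };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable size computation: uint32_t arithmetic wraps silently.
 * For name_len == UINT32_MAX this returns 0, so malloc(0) "succeeds" and
 * a memcpy of name_len bytes into it is a heap-based buffer overflow. */
uint32_t alloc_size_unchecked(uint32_t name_len)
{
    return name_len + 1;
}

/* Hardened: overflow-checked addition (hypothetical helper in the spirit
 * of the upstream fix). Returns nonzero and leaves *out untouched on wrap. */
int add_u32_checked(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a > UINT32_MAX - b)
        return 1;
    *out = a + b;
    return 0;
}

/* Hardened symlink read: rejects a length whose +1 wraps and a length
 * larger than the data actually present. Caller frees *target on RD_OK. */
int read_link_checked(const uint8_t *blob, size_t blob_len, char **target)
{
    *target = NULL;
    if (blob_len < 4)
        return RD_ERR_TRUNCATED;

    uint32_t name_len = le32(blob);
    uint32_t alloc;
    if (add_u32_checked(name_len, 1, &alloc))
        return RD_ERR_OVERFLOW;          /* UINT32_MAX + 1 would wrap to 0 */
    if ((size_t)name_len > blob_len - 4)
        return RD_ERR_TRUNCATED;         /* length exceeds the bytes we have */

    char *buf = malloc(alloc);
    if (!buf)
        return RD_ERR_NOMEM;
    memcpy(buf, blob + 4, name_len);
    buf[name_len] = '\0';
    *target = buf;
    return RD_OK;
}

int main(void)
{
    /* Constructed sample inputs: a benign link and one with a UINT32_MAX length. */
    const uint8_t good[] = { 5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o' };
    const uint8_t evil[] = { 0xff, 0xff, 0xff, 0xff, 'x' };
    char *t = NULL;

    printf("unchecked alloc size for UINT32_MAX: %" PRIu32 "\n",
           alloc_size_unchecked(UINT32_MAX));
    if (read_link_checked(good, sizeof good, &t) == RD_OK) {
        printf("good -> %s\n", t);
        free(t);
    }
    printf("evil -> rc=%d\n", read_link_checked(evil, sizeof evil, &t));
    return 0;
}
```

The bounds check against blob_len is the second half of the fix: even with the wrap prevented, a length larger than the data present would read past the input buffer, which is why the checked read validates both before allocating.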
"7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14311" }, { "category": "external", "summary": "RHBZ#1852014", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1852014" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14311", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14311" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14311", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14311" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-03T10:59:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", 
"7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3273" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", 
"integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", 
"7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow" }, { "cve": "CVE-2020-15705", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2020-07-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1860978" } ], "notes": [ { "category": "description", "text": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. 
This issue affects GRUB2 version 2.04 and prior versions.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Fail kernel validation without shim protocol", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", 
"7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15705" }, { "category": "external", "summary": "RHBZ#1860978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15705", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15705" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-15705", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15705" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-03T10:59:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", 
"7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3273" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", 
"7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", 
"7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Fail kernel validation without shim protocol" }, { "acknowledgments": [ { "names": [ "Chris Coulson" ], "organization": "Canonical" } ], "cve": "CVE-2020-15706", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2020-07-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1861118" } ], "notes": [ { "category": "description", "text": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. 
This issue affects GRUB2 version 2.04 and prior versions.", "title": "Vulnerability description" }, { "category": "summary", "text": "grub2: Use-after-free redefining a function whilst the same function is already executing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", 
"7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15706" }, { "category": "external", "summary": "RHBZ#1861118", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861118" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15706", "url": 
"https://www.cve.org/CVERecord?id=CVE-2020-15706" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15706", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15706" } ], "release_date": "2020-07-29T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-08-03T10:59:05+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", 
"7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3273" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-7.2.AUS:mokutil-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:mokutil-debuginfo-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-0:15-8.el7.src", "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64", "7Server-7.2.AUS:shim-signed-0:15-8.el7_2.src", "7Server-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.src", "7Server-optional-7.2.AUS:grub2-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-common-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-debuginfo-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-aa64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-ia32-1:2.02-0.86.el7_2.x86_64", 
"7Server-optional-7.2.AUS:grub2-efi-ia32-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-ia32-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-cdboot-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-efi-x64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-pc-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-pc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-ppc64le-modules-1:2.02-0.86.el7_2.noarch", "7Server-optional-7.2.AUS:grub2-tools-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-extra-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:grub2-tools-minimal-1:2.02-0.86.el7_2.x86_64", "7Server-optional-7.2.AUS:shim-0:15-8.el7.src", "7Server-optional-7.2.AUS:shim-unsigned-ia32-0:15-8.el7.x86_64", "7Server-optional-7.2.AUS:shim-unsigned-x64-0:15-8.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grub2: Use-after-free redefining a function whilst the same function is already executing" } ] }
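Added example, not Red Hat tooling and not part of the advisory above: a small triage script for the CSAF structure shown on this page. It parses the `product_status.fixed` identifiers (`<product>:<name>-<epoch>:<version>-<release>.<arch>`) and the CVSS vector strings, compares a constructed host inventory against the fixed EVRs with a simplified reimplementation of rpm's version comparison (no tilde or caret handling), and inspects constructed `efibootmgr -v` output to tell whether the current boot entry goes through shim, which is the applicability condition the CVE-2020-15705 description states (GRUB booted directly, without shim). The CSAF excerpt, installed versions and efibootmgr output are constructed samples that mirror the page's fields; the 0.64 release in the inventory is a made-up older build.

```python
"""Triage helper for a Red Hat CSAF advisory (added example, not Red Hat tooling)."""
import re
from itertools import zip_longest

# Constructed excerpt mirroring the advisory's structure (two of its seven CVEs).
CSAF_EXCERPT = {"vulnerabilities": [
    {"cve": "CVE-2020-15705",
     "product_status": {"fixed": [
         "7Server-7.2.AUS:grub2-1:2.02-0.86.el7_2.src",
         "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64",
         "7Server-7.2.AUS:shim-0:15-8.el7_2.x86_64"]},
     "scores": [{"cvss_v3": {"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}}]},
    {"cve": "CVE-2020-15706",
     "product_status": {"fixed": [
         "7Server-7.2.AUS:grub2-efi-x64-1:2.02-0.86.el7_2.x86_64"]},
     "scores": [{"cvss_v3": {"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}}]},
]}

# Constructed host inventory: name -> (epoch, version, release). grub2-efi-x64 is
# at a made-up older build than the fix; shim is already at the fixed build.
INSTALLED = {"grub2-efi-x64": ("1", "2.02", "0.64.el7_2"), "shim": ("0", "15", "8.el7_2")}

# Constructed `efibootmgr -v` output (placeholder GUIDs); BootCurrent loads shim.
EFIBOOTMGR_SAMPLE = """\
BootCurrent: 0001
BootOrder: 0001,0002
Boot0001* Red Hat Enterprise Linux\tHD(1,GPT,00000000-0000-0000-0000-000000000000,0x800,0x64000)/File(\\EFI\\redhat\\shimx64.efi)
Boot0002* UEFI Shell\tFvVol(00000000-0000-0000-0000-000000000000)/FvFile(00000000-0000-0000-0000-000000000000)
"""

# <product>:<name>-<epoch>:<version>-<release>.<arch>
PRODUCT_ID_RE = re.compile(
    r"^(?P<product>[^:]+):(?P<name>.+?)-(?P<epoch>\d+):(?P<version>[^-]+)-(?P<release>.+)\.(?P<arch>[^.]+)$")


def parse_product_id(pid):
    """Split a CSAF product id into product, name, epoch, version, release, arch."""
    m = PRODUCT_ID_RE.match(pid)
    if not m:
        raise ValueError(f"unrecognised product id: {pid}")
    return m.groupdict()


def rpmvercmp(a, b):
    """Simplified rpmvercmp: numeric segments compare as integers, alphabetic ones
    lexically, numeric beats alphabetic, and leftover segments win. Tilde/caret
    ordering is not implemented (not needed for the EVRs on this page)."""
    seg = lambda s: re.findall(r"\d+|[A-Za-z]+", s)
    for x, y in zip_longest(seg(a), seg(b)):
        if x is None or y is None:
            return -1 if x is None else 1
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return 0


def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples field by field."""
    for fa, fb in zip(a, b):
        c = rpmvercmp(fa, fb)
        if c:
            return c
    return 0


def still_affected(csaf, installed):
    """Return {cve: [installed package names below the fixed EVR]}.
    Source packages (arch 'src') and packages not installed are ignored."""
    result = {}
    for vuln in csaf["vulnerabilities"]:
        below = set()
        for pid in vuln["product_status"]["fixed"]:
            p = parse_product_id(pid)
            if p["arch"] == "src" or p["name"] not in installed:
                continue
            if evr_cmp(installed[p["name"]], (p["epoch"], p["version"], p["release"])) < 0:
                below.add(p["name"])
        if below:
            result[vuln["cve"]] = sorted(below)
    return result


def cvss_components(vuln):
    """Turn 'CVSS:3.1/AV:L/AC:H/...' into {'AV': 'L', 'AC': 'H', ...}."""
    vec = vuln["scores"][0]["cvss_v3"]["vectorString"]
    return dict(part.split(":", 1) for part in vec.split("/")[1:])


def boots_via_shim(efibootmgr_output):
    """True if the BootCurrent entry loads shim*.efi, False if it loads another
    binary (e.g. grubx64.efi directly), None if the entry cannot be determined.
    Per the advisory, CVE-2020-15705 applies only when GRUB boots without shim."""
    current, entries = None, {}
    for line in efibootmgr_output.splitlines():
        if line.startswith("BootCurrent:"):
            current = line.split(":", 1)[1].strip().upper()
        m = re.match(r"Boot([0-9A-Fa-f]{4})\*?\s", line)
        if m:
            entries[m.group(1).upper()] = line
    if current not in entries:
        return None
    path = re.search(r"File\(([^)]*)\)", entries[current])
    return bool(path and re.search(r"shim[^\\/]*\.efi$", path.group(1), re.I))


if __name__ == "__main__":
    for cve, names in still_affected(CSAF_EXCERPT, INSTALLED).items():
        print(cve, "still affected:", ", ".join(names))
    print("current boot entry goes through shim:", boots_via_shim(EFIBOOTMGR_SAMPLE))
```

On a real host the inventory would come from `rpm -q --qf '%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE}\n' grub2-efi-x64 shim ...` and the boot entry from `efibootmgr -v`; the package check is only half the picture for CVE-2020-15705, since a host that boots through shim is not in the affected configuration even if the grub2 build is old.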