Severity: 8.2 HIGH
EPSS: 0.3% (top 50.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 30
Latest update: May 24

Description

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craf

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.5 | Impact: 6.0

Affected Packages (7 packages)

NVD: gnu/grub2 < 2.06
Debian: grub2 < 2.04-9+3
Ubuntu: grub2 < 2.02~beta2-36ubuntu3.26+3
Ubuntu: grub2-signed < 1.66.26+3
CVEListV5: grub, all grub2 versions before 2.06

Also affects: Debian Linux 10.0

🔴 Vulnerability Details (5)

GHSA (2022-05-24): GHSA-m2fm-gm84-v5jq: A flaw was found in grub2, prior to version 2
OSV (2020-07-30): CVE-2020-10713: A flaw was found in grub2, prior to version 2
CVEList (2020-07-30): CVE-2020-10713: A flaw was found in grub2, prior to version 2
OSV (2020-07-29): grub2, grub2-signed vulnerabilities
VulnCheck (2020): GNU grub2 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

📋 Vendor Advisories (5)

Cisco (2020-08-04): GRUB2 Arbitrary Code Execution Vulnerability
Ubuntu (2020-07-29): GRUB 2 vulnerabilities
Red Hat (2020-07-29): grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
Microsoft (2020-07-14): A flaw was found in grub2 prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In
Debian (2020): CVE-2020-10713: grub2 - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2...

🕵️ Threat Intelligence (2)

Qualys (2020-08-03): GRUB2 Boothole Buffer Overflow Vulnerability (CVE-2020-10713) - Automatically Discover, Prioritize and Remediate Using Qualys VMDR® | Qualys
Qualys (2020-08-03): GRUB2 Boothole Buffer Overflow Vulnerability (CVE-2020-10713) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®

💬 Community (2)

Bugzilla (2020-08-03): CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process [fedora-all]
Bugzilla (2020-04-17): CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process