cbcvebase.
CVE-2020-14311
published 2020-07-31

CVE-2020-14311: There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of…

medium6CVSS 3.1
AVLACLPRHUINSUCNIHAH
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

Affected

31 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiangrub2< grub2 2.04-9 (bookworm)grub2 2.04-9 (bookworm)
gnugrub2< 2.062.06
gnugrub2>= 0 < 2.04-92.04-9
gnugrub2>= 0 < 2.04-92.04-9
gnugrub2>= 0 < 2.04-92.04-9
gnugrub2>= 0 < 2.04-92.04-9
gnugrub2>= 0 < 2.02~beta2-36ubuntu3.262.02~beta2-36ubuntu3.26
gnugrub2>= 0 < 2.02~beta2-36ubuntu3.272.02~beta2-36ubuntu3.27
gnugrub2>= 0 < 2.02-2ubuntu8.162.02-2ubuntu8.16
gnugrub2>= 0 < 2.02-2ubuntu8.172.02-2ubuntu8.17
gnugrub2>= 0 < 2.04-1ubuntu26.12.04-1ubuntu26.1
gnugrub2>= 0 < 2.04-1ubuntu26.22.04-1ubuntu26.2
gnugrub2>= 0 < 2.02~beta2-9ubuntu1.202.02~beta2-9ubuntu1.20
gnugrub2>= 0 < 2.02~beta2-9ubuntu1.212.02~beta2-9ubuntu1.21
msrcazl3_grub2_2.06-23_on_azure_linux_3.0
msrccbl2_grub2_2.06rc1-7_on_cbl_mariner_2.0
msrccm1_grub2_2.06rc1-4_on_cbl_mariner_1.0
opensuseleap
opensuseleap
paloaltopan-os
redhatenterprise_linux

CVSS provenance

nvdv3.16.0MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
osv8.2HIGH