CVE-2020-15707
Severity
6.4MEDIUM
EPSS
0.0%
top 90.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 29
Latest updateMay 24
Description
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and …
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.5 | Impact: 5.2
Affected Packages8 packages
Also affects: Debian Linux 10.0, Ubuntu Linux 14.04, 16.04, 18.04, 20.04, Enterprise Linux 7.0, 8.0, Openshift Container Platform 4.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-mf72-cf87-p3p2: Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red↗2022-05-24
CVEList▶
GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.↗2020-07-29
OSV▶
CVE-2020-15707: Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red↗2020-07-29