CVE-2020-14308

Sažetak

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1852009
http://www.openwall.com/lists/oss-security/2020/07/29/3
https://security.netapp.com/advisory/ntap-20200731-0008/
https://usn.ubuntu.com/4432-1/
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
https://security.gentoo.org/glsa/202104-05
http://www.openwall.com/lists/oss-security/2021/09/17/2
http://www.openwall.com/lists/oss-security/2021/09/17/4
http://www.openwall.com/lists/oss-security/2021/09/21/1

CVSS

Base:	4.4
Impact:	6.4
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-04-2022 - 15:22

Objavljeno

29-07-2020 - 20:15