CVE-2020-14308 Information
Feb 14, 2021
cve
Description
In grub2 versions before 2.06 the grub memory allocator doesn’t check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity confidentiality and availability impacts during the boot process.
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Reference
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html http://www.openwall.com/lists/oss-security/2020/07/29/3 https://bugzilla.redhat.com/show_bug.cgi?id=1852009 https://security.netapp.com/advisory/ntap-20200731-0008/ https://usn.ubuntu.com/4432-1/
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
6.4
Share on: