Launchpad CVE tracker

CVE 2020-14308

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.

Related bugs and status

CVE-2020-14308 (Candidate) is related to these bugs:

Bug #1401532: GRUB's Secure Boot implementation loads unsigned kernel without warning

		In	Importance	Status
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu Xenial)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu Xenial)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu Trusty)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu Trusty)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu Bionic)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu Bionic)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-14308

References