Launchpad CVE tracker

CVE 2020-14309

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

Related bugs and status

CVE-2020-14309 (Candidate) is related to these bugs:

Bug #1401532: GRUB's Secure Boot implementation loads unsigned kernel without warning

		In	Importance	Status
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu Xenial)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu Xenial)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu Trusty)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu Trusty)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu Bionic)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu Bionic)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-14309

References