Vulnerability Description
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Grub2 | <= 2.04 |
| Redhat | Enterprise Linux Atomic Host | - |
| Redhat | Openshift Container Platform | 4.0 |
| Redhat | Enterprise Linux | 7.0 |
| Microsoft | Windows 10 | - |
| Microsoft | Windows 8.1 | - |
| Microsoft | Windows Rt 8.1 | - |
| Microsoft | Windows Server 2012 | - |
| Microsoft | Windows Server 2016 | - |
| Microsoft | Windows Server 2019 | - |
| Canonical | Ubuntu Linux | 14.04 |
| Debian | Debian Linux | 10.0 |
| Opensuse | Leap | 15.1 |
| Suse | Suse Linux Enterprise Server | 11 |
| Netapp | Active Iq Unified Manager | >= 9.5 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.htmlMailing ListThird Party Advisory
- http://ubuntu.com/security/notices/USN-4432-1Third Party Advisory
- http://www.openwall.com/lists/oss-security/2020/07/29/3Mailing ListThird Party Advisory
- https://access.redhat.com/security/vulnerabilities/grub2bootloaderThird Party Advisory
- https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.htmlIssue TrackingVendor Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011PatchThird Party AdvisoryVendor Advisory
- https://security.gentoo.org/glsa/202104-05Third Party Advisory
- https://security.netapp.com/advisory/ntap-20200731-0008/Third Party Advisory
- https://usn.ubuntu.com/4432-1/Third Party Advisory
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypassThird Party Advisory
- https://www.debian.org/security/2020-GRUB-UEFI-SecureBootThird Party Advisory
- https://www.debian.org/security/2020/dsa-4735Third Party Advisory
- https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ExploitThird Party Advisory
- https://www.openwall.com/lists/oss-security/2020/07/29/3Mailing ListThird Party Advisory
FAQ
What is CVE-2020-15707?
CVE-2020-15707 is a vulnerability with a CVSS score of 5.7 (MEDIUM). Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included...
How severe is CVE-2020-15707?
CVE-2020-15707 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15707?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Grub2, Redhat Enterprise Linux Atomic Host, Redhat Openshift Container Platform, Redhat Enterprise Linux, Microsoft Windows 10.