Vulnerabilities > CVE-2020-14311
Attack vector
LOCAL Attack complexity
LOW Privileges required
HIGH Confidentiality impact
NONE Integrity impact
HIGH Availability impact
HIGH Summary
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 | |
| OS | 6 | |
| OS | 2 | |
| OS | 4 |
References
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
- http://www.openwall.com/lists/oss-security/2021/09/17/2
- http://www.openwall.com/lists/oss-security/2021/09/17/2
- http://www.openwall.com/lists/oss-security/2021/09/17/4
- http://www.openwall.com/lists/oss-security/2021/09/17/4
- http://www.openwall.com/lists/oss-security/2021/09/21/1
- http://www.openwall.com/lists/oss-security/2021/09/21/1
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14311
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14311
- https://security.gentoo.org/glsa/202104-05
- https://security.gentoo.org/glsa/202104-05
- https://usn.ubuntu.com/4432-1/
- https://usn.ubuntu.com/4432-1/