main/grub: Multiple vulnerabilities (CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706)
Mitigation of these bugs will involve not just a new version of GRUB2 for all the affected platforms but may also require a new shim or a new kernel or both.
CVE-2020-14308
- grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
CVE-2020-14309
- grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based overflow
CVE-2020-14310
- grub2: Integer overflow in read_section_from_string may lead to heap-based overflow
CVE-2020-14311
- grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
CVE-2020-15705
- grub2: Avoid loading unsigned kernels when grub is booted directly under secureboot without shim (this is a distro-specific issue and does not apply to GRUB2 upstream)
CVE-2020-15706
- script: Avoid a use-after-free when redefining a function during execution
CVE-2020-15707
- grub2: Integer overflow in initrd size handling.
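Several entries above describe the same bug class: a size computed from untrusted input overflows before allocation, and the later copy overruns the heap buffer. The C code below is an added example of that class next to an overflow-checked form; it is not GRUB's code. The `link_record` structure, the use of `uint32_t` to model a 32-bit size type, and all function names are assumptions, and the check relies on the GCC/Clang builtin `__builtin_add_overflow`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical on-disk record; len is untrusted. uint32_t models a 32-bit size type. */
struct link_record {
    uint32_t len;         /* length field read from the image */
    const uint8_t *data;  /* link target bytes present in the image */
    size_t avail;         /* number of bytes actually present */
};

/* Flawed pattern: len + 1 wraps to 0 when len == UINT32_MAX. */
static uint32_t unchecked_alloc_size(uint32_t len)
{
    return len + 1u;
}

/* Hardened: overflow-checked add; 0 on success, -1 on overflow. */
static int checked_alloc_size(uint32_t len, uint32_t *out)
{
    return __builtin_add_overflow(len, 1u, out) ? -1 : 0;
}

/* Returns a NUL-terminated copy of the target, or NULL if the record is malformed. */
static char *read_link_checked(const struct link_record *r)
{
    uint32_t need;
    char *buf;

    if (checked_alloc_size(r->len, &need) != 0)
        return NULL;              /* size arithmetic overflowed */
    if (r->len > r->avail)
        return NULL;              /* length field exceeds the data present */
    buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, r->data, r->len);
    buf[r->len] = '\0';
    return buf;
}

int main(void)
{
    struct link_record bad = { UINT32_MAX, (const uint8_t *)"x", 1 }; /* constructed sample */
    printf("unchecked size: %u\n", (unsigned)unchecked_alloc_size(bad.len));
    printf("checked reader: %s\n", read_link_checked(&bad) ? "accepted" : "rejected");
    return 0;
}
```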
Reference
See https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
Affected branches
TBD