CVE-2020-14308

Priority
Description
In grub2 versions before 2.06 the grub memory allocator doesn't check for
possible arithmetic overflows on the requested allocation size. This leads
the function to return invalid memory allocations which can be further used
to cause possible integrity, confidentiality and availability impacts
during the boot process.
Ubuntu-Description
It was discovered that the memory allocator for GRUB2 did not validate
allocation size, resulting in multiple integer overflows and heap-based
buffer overflows when handling certain filesystems, PNG images or disk
metadata. A local attacker could use this to execute arbitrary code and
bypass UEFI Secure Boot restrictions.
Notes
amurraygrub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low
Package
Source: grub2 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):released (2.02~beta2-9ubuntu1.20)
Ubuntu 16.06 ESM (Xenial Xerus):released (2.02~beta2-36ubuntu3.26)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.02-2ubuntu8.16)
Ubuntu 20.04 LTS (Focal Fossa):released (2.04-1ubuntu26.1)
Ubuntu 21.04 (Hirsute Hippo):not-affected (2.04-1ubuntu26.1)
Ubuntu 21.10 (Impish Indri):not-affected (2.04-1ubuntu26.1)
Patches:
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):released (1.34.22)
Ubuntu 16.06 ESM (Xenial Xerus):released (1.66.26)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.93.18)
Ubuntu 20.04 LTS (Focal Fossa):released (1.142.3)
Ubuntu 21.04 (Hirsute Hippo):not-affected (1.147)
Ubuntu 21.10 (Impish Indri):not-affected (1.147)
Patches:
More Information

Updated: 2021-09-23 19:41:43 UTC (commit 3a71382848a53fcadb5f85bc8acde88c292f02e7)