CVE-2020-14309 in Ubuntu

CVE-2020-14309

Priority

Description

There's an issue with grub2 in all versions before 2.06 when handling
squashfs filesystems containing a symbolic link with name length of UINT32
bytes in size. The name size leads to an arithmetic overflow leading to a
zero-size allocation further causing a heap-based buffer overflow with
attacker controlled data.

Ubuntu-Description

Chris Coulson discovered that multiple integer overflows existed in GRUB2
when handling certain filesystems or font files, leading to heap-based
buffer overflows. A local attacker could use these to execute arbitrary
code and bypass UEFI Secure Boot restrictions.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
https://www.openwall.com/lists/oss-security/2020/07/29/3
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
https://ubuntu.com/security/notices/USN-4432-1

Notes

amurray

grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low

Package

Source: grub2 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (2.02-2ubuntu8.16)
Ubuntu 20.04 LTS:	released (2.04-1ubuntu26.1)
Ubuntu 16.04 ESM:	released (2.02~beta2-36ubuntu3.26)
Ubuntu 14.04 ESM:	released (2.02~beta2-9ubuntu1.20)

Patches:

Package

Source: grub2-signed (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (1.93.18)
Ubuntu 20.04 LTS:	released (1.142.3)
Ubuntu 16.04 ESM:	released (1.66.26)
Ubuntu 14.04 ESM:	released (1.34.22)

Patches:

More Information

Updated: 2022-04-13 14:09:02 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)