CVE-2020-14311 in Ubuntu

CVE-2020-14311

Priority

Description

There is an issue with grub2 before version 2.06 while handling symlink on
ext filesystems. A filesystem containing a symbolic link with an inode size
of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory
allocation with subsequent heap-based buffer overflow.

Ubuntu-Description

Chris Coulson discovered that multiple integer overflows existed in
GRUB2 when handling certain filesystems, font files or PNG images,
leading to heap-based buffer overflows. A local attacker could
use these to execute arbitrary code and bypass UEFI Secure Boot
restrictions.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
https://www.openwall.com/lists/oss-security/2020/07/29/3
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
https://ubuntu.com/security/notices/USN-4432-1

Notes

amurray

grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low

Package

Source: grub2 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (2.02-2ubuntu8.16)
Ubuntu 20.04 LTS:	released (2.04-1ubuntu26.1)
Ubuntu 16.04 ESM:	released (2.02~beta2-36ubuntu3.26)
Ubuntu 14.04 ESM:	released (2.02~beta2-9ubuntu1.20)

Patches:

Package

Source: grub2-signed (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (1.93.18)
Ubuntu 20.04 LTS:	released (1.142.3)
Ubuntu 16.04 ESM:	released (1.66.26)
Ubuntu 14.04 ESM:	released (1.34.22)

Patches:

More Information

Updated: 2022-04-13 14:09:06 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)