redhat enterprise-linux CVE-2020-14310 vulnerability in Red Hat and Other Products
Published on July 31, 2020

product logo product logo product logo product logo
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2020-14310 is exploitable with local system access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Types

Integer Overflow or Wraparound

The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number. While this may be intended behavior in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviors such as memory allocation, copying, concatenation, etc.

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().


Products Associated with CVE-2020-14310

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-14310 are published in these products:

Red Hat Enterprise Linux (RHEL)
 
Red Hat Enterprise Linux Eus
 
GNU Grub2
 
Red Hat Enterprise Linux Server Aus
 
Red Hat Enterprise Linux Server Tus
 
OpenSuse Leap
 
Canonical Ubuntu Linux
 

Affected Versions

The Grub2 Project grub2 Version 2.06 is affected by CVE-2020-14310

Exploit Probability

EPSS
0.06%
Percentile
18.53%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.