
grub2, mokutil, shim security update

Published: 2020-07-30 00:08:50
Source: CentOS Project (lists.centos.org)

CVSS2: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVSS3: 8.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

AI Score: 7.9 (Confidence: High)

EPSS: 0.002 (Percentile: 61.9%)

CentOS Errata and Security Advisory CESA-2020:3217

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

The fwupdate packages provide a service that allows session software to update device firmware.

Security Fix(es):

  • grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)

  • grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)

  • grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)

  • grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)

  • grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)

  • grub2: Fail kernel validation without shim protocol (CVE-2020-15705)

  • grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)

  • grub2: Integer overflow in initrd size handling (CVE-2020-15707)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • grub2 doesn’t handle relative paths correctly for UEFI HTTP Boot (BZ#1616395)

  • UEFI HTTP boot over IPv6 does not work (BZ#1732765)

Users of grub2 are advised to upgrade to these updated packages, which fix these bugs.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2020-July/085905.html
https://lists.centos.org/pipermail/centos-announce/2020-July/085907.html
https://lists.centos.org/pipermail/centos-announce/2020-July/085908.html

Affected packages:
grub2
grub2-common
grub2-efi-ia32
grub2-efi-ia32-cdboot
grub2-efi-ia32-modules
grub2-efi-x64
grub2-efi-x64-cdboot
grub2-efi-x64-modules
grub2-i386-modules
grub2-pc
grub2-pc-modules
grub2-tools
grub2-tools-extra
grub2-tools-minimal
mokutil
shim-ia32
shim-unsigned-ia32
shim-unsigned-x64
shim-x64

Upstream details at:
https://access.redhat.com/errata/RHSA-2020:3217
