Lucene search

K
cvelistRedhatCVELIST:CVE-2020-14308
HistoryJul 29, 2020 - 7:03 p.m.

CVE-2020-14308

2020-07-2919:03:41
redhat
www.cve.org
10
grub2
memory allocator
vulnerability
arithmetic overflows
integrity
confidentiality
availability
boot process

AI Score

7.1

Confidence

High

EPSS

0

Percentile

14.2%

In grub2 versions before 2.06 the grub memory allocator doesn’t check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.

CNA Affected

[
  {
    "product": "Grub",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All grub2 versions before 2.06"
      }
    ]
  }
]