CVE-2020-10713

CVE-2020-10713 affects GRUB2 prior to 2.06. The flaw allows an attacker to hijack/tamper the GRUB verification process and bypass Secure Boot, enabling arbitrary code execution during boot when a crafted grub.cfg is processed. Exploitation requires local access or access to modify boot/network se...

CVE-2020-10713 - BootHole

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

kernel: lockdown: bypass through ACPI write via acpi_configfs

A flaw was found in how the ACPI table loading through acpiconfigfs was handled when the kernel was locked down. This flaw allows a root privileged local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerability is to data confidentiality and integrity as wel...

grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow

A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...

grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow

A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...

grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow

A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...

grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow

A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...

grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow

A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...

grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow

A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...

Design/Logic Flaw

A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances VMIs can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any...

CVE-2020-14316

A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances VMIs can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any...

grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow

A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...

kernel: lockdown: bypass through ACPI write via efivar_ssdt

A flaw was found in how the ACPI table loading through the EFI variable and the related efivarssdt boot option was handled when the Linux kernel was locked down. This flaw allows a root privileged local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerabilit...

kernel: lockdown: bypass through ACPI write via acpi_configfs

A flaw was found in how the ACPI table loading through acpiconfigfs was handled when the kernel was locked down. This flaw allows a root privileged local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerability is to data confidentiality and integrity as wel...

kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c

A flaw was found in the Linux kernel. The Marvell mwifiex driver allows a remote WiFi access point to trigger a heap-based memory buffer overflow due to an incorrect memcpy operation. The highest threat from this vulnerability is to data integrity and system availability...

CVE-2020-14311

A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...

CVE-2020-14310

A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability...

CVE-2020-14309

A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...

CVE-2020-14308

A flaw was found in current grub2 versions as shipped with Red Hat Enterprise Linux 7 and 8, where the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This issue leads the function to return invalid memory allocations, causing heap-based...

UBUNTU-CVE-2020-10713

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...