Launchpad CVE tracker

CVE 2020-14311

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

Related bugs and status

CVE-2020-14311 (Candidate) is related to these bugs:

Bug #1401532: GRUB's Secure Boot implementation loads unsigned kernel without warning

		In	Importance	Status
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu Xenial)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu Xenial)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu Trusty)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu Trusty)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu Bionic)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu Bionic)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-14311

References