GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
16 Nov 2022, 03:58
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011 - Patch, Third Party Advisory, Vendor Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html - Broken Link, Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4432-1/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html - Broken Link, Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202104-05 - Third Party Advisory | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* |
|
First Time |
Opensuse leap
Opensuse |
01 May 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-07-29 18:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-15706
Mitre link : CVE-2020-15706
CVE.ORG link : CVE-2020-15706
JSON object : View
Products Affected
microsoft
- windows_server_2016
- windows_8.1
- windows_server_2019
- windows_10
- windows_rt_8.1
- windows_server_2012
suse
- suse_linux_enterprise_server
gnu
- grub2
redhat
- enterprise_linux_atomic_host
- enterprise_linux
- openshift_container_platform
opensuse
- leap
debian
- debian_linux
canonical
- ubuntu_linux