grub2-2.02-0.86.0.1.el7.AXS7
エラータID: AXSA:2020-257:02
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a
highly configurable and customizable boot loader with modular architecture. The
packages support a variety of kernel formats, file systems, computer
architectures, and hardware devices.
The shim package contains a first-stage UEFI boot loader that handles chaining
to a trusted full boot loader under secure boot environments.
The fwupdate packages provide a service that allows session software to update
device firmware.
Security Fix(es):
* grub2: Crafted grub.cfg file can lead to arbitrary code execution during
boot process (CVE-2020-10713)
* grub2: grub_malloc does not validate allocation size allowing for arithmetic
overflow and subsequent heap-based buffer overflow (CVE-2020-14308)
* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based
buffer overflow (CVE-2020-14309)
* grub2: Integer overflow read_section_as_string may lead to heap-based buffer
overflow (CVE-2020-14310)
* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer
overflow (CVE-2020-14311)
* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)
* grub2: Use-after-free redefining a function whilst the same function is
already executing (CVE-2020-15706)
* grub2: Integer overflow in initrd size handling (CVE-2020-15707)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Bug Fix(es):
* grub2 doesn't handle relative paths correctly for UEFI HTTP Boot
* UEFI HTTP boot over IPv6 does not work
Users of grub2 are advised to upgrade to these updated packages, which fix these
bugs.
CVE-2020-10713
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for
possible arithmetic overflows on the requested allocation size. This leads the
function to return invalid memory allocations which can be further used to cause
possible integrity, confidentiality and availability impacts during the boot
process.
CVE-2020-14309
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-14310
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-14311
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-15705
GRUB2 fails to validate kernel signature when booted directly without shim,
allowing secure boot to be bypassed. This only affects systems where the kernel
signing certificate has been imported directly into the secure boot database and
the GRUB image is booted directly without the use of shim. This issue affects
GRUB2 version 2.04 and prior versions.
CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create() leading to a
use-after-free vulnerability which can be triggered by redefining a function
whilst the same function is already executing, leading to arbitrary code
execution and secure boot restriction bypass. This issue affects GRUB2 version
2.04 and prior versions.
CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd and
grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red
Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading
to a heap-based buffer overflow. These could be triggered by an extremely large
number of arguments to the initrd command on 32-bit architectures, or a crafted
filesystem with very large files on any architecture. An attacker could use this
to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue
affects GRUB2 version 2.04 and prior versions.
Update packages.
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
N/A
SRPMS
- grub2-2.02-0.86.0.1.el7.AXS7.src.rpm
MD5: e57dbc49ba3645067592e5ac94402334
SHA-256: b475dcc18c15150352c8864517ed634f07e8d65b609a3dc7c735a70e59c4742c
Size: 6.91 MB
Asianux Server 7 for x86_64
- grub2-2.02-0.86.0.1.el7.AXS7.x86_64.rpm
MD5: 34844577d64dbe0b965f6a66ee3d0f8d
SHA-256: 7b846ccfc906b5a841f23633564f49fd5870f0ac6a0de3f993942165f6e21932
Size: 31.15 kB - grub2-common-2.02-0.86.0.1.el7.AXS7.noarch.rpm
MD5: ac146ca7f8265951e209ffdecca363f9
SHA-256: c51b88b25c6736b35dac074d9a55e31255c0d1e4df4e0c880904fd6f55499ace
Size: 728.26 kB - grub2-efi-ia32-2.02-0.86.0.1.el7.AXS7.x86_64.rpm
MD5: aef3209263483e0cc7c16ec7ba3f3a28
SHA-256: b98127b5d4b47d42a02b92bc6408c123e04bc38da032e4f17eefdb28e7474073
Size: 1.41 MB - grub2-efi-ia32-modules-2.02-0.86.0.1.el7.AXS7.noarch.rpm
MD5: 186ef0d056f5eab3e961d3c5c01a19ff
SHA-256: 721c0fe70a0d0c68823fb9983e889222eee4084e148d7b21e791fa4a954cec93
Size: 1.06 MB - grub2-efi-x64-2.02-0.86.0.1.el7.AXS7.x86_64.rpm
MD5: 4c48e6f7c82dd1210022418af32bd21d
SHA-256: f5877940b2f917d466391bf5d3c125fccbae46b00cb9f9337e7dcd27090c92d9
Size: 1.11 MB - grub2-efi-x64-modules-2.02-0.86.0.1.el7.AXS7.noarch.rpm
MD5: a2755a2eeb7c774e4af9b33a1445f5c9
SHA-256: 1c5130edc32e6f47ef9801353c06a9a1b8dd2c62ad85ada5d28abc7724b1c741
Size: 1.09 MB - grub2-pc-2.02-0.86.0.1.el7.AXS7.x86_64.rpm
MD5: 2ccaa3d152e36e560d374fdfd13bd285
SHA-256: 029bf28e21e3cd7c1f58035ec8a66f5a9be00d60cee405db09eedaa39de23100
Size: 31.20 kB - grub2-pc-modules-2.02-0.86.0.1.el7.AXS7.noarch.rpm
MD5: 5315df6d97e0fac8e4492e22f1009f24
SHA-256: dbfefdc21f1ade1db1c81618eb4a0dd673809045fa8dc2f4c1559f8a886a7227
Size: 849.54 kB - grub2-tools-2.02-0.86.0.1.el7.AXS7.x86_64.rpm
MD5: 6752eae956910c2f4720a4f1a0b169a6
SHA-256: ad83917ab3040180d4d840576a37eb5ad1cd27d6a949e87f3b5e14a11fbd860a
Size: 1.78 MB - grub2-tools-extra-2.02-0.86.0.1.el7.AXS7.x86_64.rpm
MD5: 5c4fb6737a1aa1c57bcf2e683b6393b6
SHA-256: 133bc2d6f73cddc924c1d103d47c20ecfc044d6a76d5492c860ecf77d9714527
Size: 0.98 MB - grub2-tools-minimal-2.02-0.86.0.1.el7.AXS7.x86_64.rpm
MD5: 876cc73e3e95a8fa00bdff6cee768a48
SHA-256: 58ccc02682444cbeb11c60d3c238cfd7bc05868fdff5f0aac2ec6d19b7335521
Size: 173.05 kB