CVE-2020-14311

CVE-2020-14311 PUBLISHED

grub2 before version 2.06 mishandles symlinks on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow, leading to a zero-sized memory allocation and a subsequent heap-based buffer overflow.

EPSS 0.03% · 9.6th percentile


Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | grub2 | 0, 2.00-19ubuntu2, 2.00-19ubuntu3 |
| Ubuntu:16.04:LTS | grub2 | 2.02~beta2-36ubuntu3.17, 2.02~beta2-32, 2.02~beta2-32ubuntu1 |
| Ubuntu:20.04:LTS | grub2 | 2.04-1ubuntu13, 2.04-1ubuntu18, 0 |
| Ubuntu:16.04:LTS | grub2-unsigned | 2.04-1ubuntu44.1.2, 2.04-1ubuntu44.1, 2.04-1ubuntu44 |
| Ubuntu:16.04:LTS | grub2-signed | 1.66.1, 0, 1.55 |
| Ubuntu:20.04:LTS | grub2-unsigned | 2.04-1ubuntu44.2, 2.04-1ubuntu44, 0 |
| Ubuntu:18.04:LTS | grub2-signed | 1.87, 1.93.14, 0 |
| Ubuntu:Pro:14.04:LTS | grub2-signed | 1.30, 0, 1.22 |
| Ubuntu:20.04:LTS | grub2-signed | 1.128, 1.142, 1.142.1 |
| Ubuntu:18.04:LTS | grub2 | 0, 2.02-2ubuntu8.2, 2.02-2ubuntu8.14 |
| Ubuntu:18.04:LTS | grub2-unsigned | 2.04-1ubuntu44.1.2, 2.04-1ubuntu44, 0 |

Timeline

  • Jul 29, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Sep 22, 2021 EPSS Score
  • Oct 11, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score