AZL-6456

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6456.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-6456

Upstream

CVE-2020-14308

Published

2020-07-29T20:15:12Z

Modified

2026-04-01T05:20:21.748201Z

Severity

6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2020-14308 affecting package grub2 for versions less than 2.06~rc1-7

Details

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-14308

Affected packages

Azure Linux:2 / grub2

Package

Name: grub2
Purl: pkg:rpm/azure-linux/grub2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06~rc1-7

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6456.json"