Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-SLES152-GRUB2X8664EFI-2704994
- published 14 Apr 2022
- disclosed 29 Jul 2020
Introduced: 29 Jul 2020CVE-2020-14308 Open this link in a new tab
How to fix?
grub2-x86_64-efi to version 2.04-9.7.1 or higher.
Note: Versions mentioned in the description apply only to the upstream
grub2-x86_64-efi package and not the
grub2-x86_64-efi package as distributed by
How to fix? for
SLES:15.2 relevant fixed versions and status.
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.
- E-Mail link for SUSE-SU-2020:2074-1
- Link for SUSE-SU-2020:2074-1
- SUSE Bug 1168994
- SUSE Bug 1173812
- SUSE Bug 1174463
- SUSE Bug 1174570
- SUSE CVE CVE-2020-10713 page
- SUSE CVE CVE-2020-14308 page
- SUSE CVE CVE-2020-14309 page
- SUSE CVE CVE-2020-14310 page
- SUSE CVE CVE-2020-14311 page
- SUSE CVE CVE-2020-15706 page
- SUSE CVE CVE-2020-15707 page
- SUSE Security Ratings