GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2020-07-29 11:15
Updated : 2021-04-30 19:15
NVD link : CVE-2020-15706
Mitre link : CVE-2020-15706
JSON object : View
CWE
Products Affected
microsoft
- windows_server_2016
- windows_rt_8.1
- windows_server_2019
- windows_10
- windows_8.1
- windows_server_2012
redhat
- enterprise_linux
- openshift_container_platform
- enterprise_linux_atomic_host
gnu
- grub2
canonical
- ubuntu_linux
suse
- suse_linux_enterprise_server
debian
- debian_linux