Bugzilla – Bug 1174463
VUL-0: CVE-2020-15706: grub2: script: Avoid a use-after-free when redefining a function during execution
Last modified: 2023-05-11 06:51:23 UTC
Created attachment 840002: CVE-2020-15706.patch
is public via oss-sec and blog https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
SUSE-SU-2020:2073-1: An update that fixes 7 vulnerabilities is now available.
Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References:
Sources used:
  SUSE Linux Enterprise Server for SAP 15 (src): grub2-2.02-19.48.1
  SUSE Linux Enterprise Server 15-LTSS (src): grub2-2.02-19.48.1
  SUSE Linux Enterprise High Performance Computing 15-LTSS (src): grub2-2.02-19.48.1
  SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): grub2-2.02-19.48.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:2076-1: An update that fixes 7 vulnerabilities is now available.
Category: security (important)
Bug References: 1084632,1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References:
Sources used:
  SUSE OpenStack Cloud 7 (src): grub2-2.02~beta2-115.49.1
  SUSE Linux Enterprise Server for SAP 12-SP2 (src): grub2-2.02~beta2-115.49.1
  SUSE Linux Enterprise Server 12-SP2-LTSS (src): grub2-2.02~beta2-115.49.1
  SUSE Linux Enterprise Server 12-SP2-BCL (src): grub2-2.02~beta2-115.49.1
SUSE-SU-2020:2079-1: An update that fixes 7 vulnerabilities is now available.
Category: security (important)
Bug References: 1084632,1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References:
Sources used:
  SUSE OpenStack Cloud Crowbar 8 (src): grub2-2.02-4.53.1
  SUSE OpenStack Cloud 8 (src): grub2-2.02-4.53.1
  SUSE Linux Enterprise Server for SAP 12-SP3 (src): grub2-2.02-4.53.1
  SUSE Linux Enterprise Server 12-SP3-LTSS (src): grub2-2.02-4.53.1
  SUSE Linux Enterprise Server 12-SP3-BCL (src): grub2-2.02-4.53.1
  SUSE Enterprise Storage 5 (src): grub2-2.02-4.53.1
  HPE Helion Openstack 8 (src): grub2-2.02-4.53.1
SUSE-SU-2020:2078-1: An update that fixes 7 vulnerabilities is now available.
Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References:
Sources used:
  SUSE OpenStack Cloud Crowbar 9 (src): grub2-2.02-12.31.1
  SUSE OpenStack Cloud 9 (src): grub2-2.02-12.31.1
  SUSE Linux Enterprise Server for SAP 12-SP4 (src): grub2-2.02-12.31.1
  SUSE Linux Enterprise Server 12-SP5 (src): grub2-2.02-12.31.1
  SUSE Linux Enterprise Server 12-SP4-LTSS (src): grub2-2.02-12.31.1
SUSE-SU-2020:2074-1: An update that fixes 7 vulnerabilities is now available.
Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References:
Sources used:
  SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): grub2-2.04-9.7.1
  SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): grub2-2.04-9.7.1
SUSE-SU-2020:2077-1: An update that fixes 7 vulnerabilities is now available.
Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References:
Sources used:
  SUSE Linux Enterprise Module for Server Applications 15-SP1 (src): grub2-2.02-26.25.1
  SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): grub2-2.02-26.25.1
SUSE-SU-2020:14440-1: An update that fixes 7 vulnerabilities is now available.
Category: security (important)
Bug References: 1084632,1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References:
Sources used:
  SUSE Linux Enterprise Server 11-SP4-LTSS (src): grub2-2.00-0.66.15.1
  SUSE Linux Enterprise Debuginfo 11-SP4 (src): grub2-2.00-0.66.15.1
openSUSE-SU-2020:1168-1: An update that fixes 7 vulnerabilities is now available.
Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References:
Sources used:
  openSUSE Leap 15.1 (src): grub2-2.02-lp151.21.21.4
openSUSE-SU-2020:1169-1: An update that fixes 7 vulnerabilities is now available.
Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References:
Sources used:
  openSUSE Leap 15.2 (src): grub2-2.04-lp152.7.3.4
The patch has been submitted so changing the status accordingly.
Reassign completed bug to security-team@suse.de
Resolved.