Bug 1174570 - (CVE-2020-15707) VUL-0: CVE-2020-15707: grub2: linux: Fix integer overflows in initrd size handling
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P1 - Urgent
Severity: Critical
Assigned To: Security Team bot
https://smash.suse.de/issue/264291/
Reported: 2020-07-27 19:54 UTC by Marcus Meissner
Modified: 2021-09-23 18:46 UTC (History)



Attachments
CVE-2020-15707.patch (4.62 KB, patch)
2020-07-27 19:55 UTC, Marcus Meissner

Comment 1 Marcus Meissner 2020-07-27 19:55:28 UTC
Created attachment 840087 [details]
CVE-2020-15707.patch

Yet another patch.
Comment 2 Marcus Meissner 2020-07-27 19:56:02 UTC
This patch has also been declared mandatory to fix.

Can you apply and resubmit all grub2?
Comment 3 Michael Chang 2020-07-28 03:39:23 UTC
(In reply to Marcus Meissner from comment #2)
> This patch has also been declared mandatory to fix.
> 
> Can you apply and resubmit all grub2?

Yes, I am working on it.
Comment 4 Michael Chang 2020-07-28 05:31:32 UTC
The submission is done.

SLE15-SP2_Update: srid#223010
SLE15-SP1_Update: srid#223011
SLE15_Update:     srid#223012
SLE12-SP4_Update: srid#223013
SLE12-SP3_Update: srid#223014
SLE12-SP2_Update: srid#223015
SLE11-SP4_Update: srid#223016
Comment 6 Swamp Workflow Management 2020-07-29 22:13:42 UTC
SUSE-SU-2020:2073-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    grub2-2.02-19.48.1
SUSE Linux Enterprise Server 15-LTSS (src):    grub2-2.02-19.48.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    grub2-2.02-19.48.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    grub2-2.02-19.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2020-07-29 22:15:00 UTC
SUSE-SU-2020:2076-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1084632,1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE OpenStack Cloud 7 (src):    grub2-2.02~beta2-115.49.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    grub2-2.02~beta2-115.49.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    grub2-2.02~beta2-115.49.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    grub2-2.02~beta2-115.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2020-07-29 22:16:19 UTC
SUSE-SU-2020:2079-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1084632,1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    grub2-2.02-4.53.1
SUSE OpenStack Cloud 8 (src):    grub2-2.02-4.53.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    grub2-2.02-4.53.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    grub2-2.02-4.53.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    grub2-2.02-4.53.1
SUSE Enterprise Storage 5 (src):    grub2-2.02-4.53.1
HPE Helion Openstack 8 (src):    grub2-2.02-4.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-07-29 22:17:33 UTC
SUSE-SU-2020:2078-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    grub2-2.02-12.31.1
SUSE OpenStack Cloud 9 (src):    grub2-2.02-12.31.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    grub2-2.02-12.31.1
SUSE Linux Enterprise Server 12-SP5 (src):    grub2-2.02-12.31.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    grub2-2.02-12.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2020-07-29 22:19:26 UTC
SUSE-SU-2020:2074-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    grub2-2.04-9.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    grub2-2.04-9.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2020-07-29 22:21:26 UTC
SUSE-SU-2020:2077-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    grub2-2.02-26.25.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    grub2-2.02-26.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2020-07-29 22:22:44 UTC
SUSE-SU-2020:14440-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1084632,1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    grub2-2.00-0.66.15.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    grub2-2.00-0.66.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Marcus Meissner 2020-07-30 05:24:57 UTC
Bug is public.
Comment 15 Swamp Workflow Management 2020-08-08 16:14:41 UTC
openSUSE-SU-2020:1168-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    grub2-2.02-lp151.21.21.4
Comment 16 Swamp Workflow Management 2020-08-08 16:16:35 UTC
openSUSE-SU-2020:1169-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    grub2-2.04-lp152.7.3.4
Comment 20 Michael Chang 2020-08-26 05:21:17 UTC
Patch submitted, so marking the status as fixed.
Comment 21 Michael Chang 2020-08-26 08:09:43 UTC
Reassign completed bug to security-team@suse.de.
Comment 22 Wolfgang Frisch 2020-09-02 08:28:39 UTC
Resolved.