ALPINE-CVE-2020-15706

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2020-15706

Import Source

https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-15706.json

JSON Data

https://api.osv.dev/v1/vulns/ALPINE-CVE-2020-15706

Upstream

CVE-2020-15706

Published

2020-07-29T18:15:14Z

Modified

2025-09-30T05:17:57.663338Z

Severity

6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

GRUB2 contains a race condition in grubscriptfunction_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

References

https://security.alpinelinux.org/vuln/CVE-2020-15706

Affected packages

Alpine:v3.17

grub

Package

Name: grub
Purl: pkg:apk/alpine/grub?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-r0

Affected versions

2.*

2.02_beta3-r0

2.02_beta3-r1

2.02_beta3-r2

2.02_beta3-r3

2.02_beta3-r4

2.02_beta3-r5

2.02_beta3-r6

2.02_beta3-r7

2.02-r0

2.02-r1

2.02-r2

2.02-r3

2.02-r4

2.02-r5

2.02-r6

2.02-r7

2.02-r8

2.02-r9

2.02-r10

2.02-r11

2.02-r12

2.02-r13

2.02-r14

2.02-r15

2.02-r16

2.02-r17

2.02-r18

2.02-r19

2.02-r20

2.04-r0

2.04-r1

2.04-r2

2.04-r3

Alpine:v3.18

grub

Package

Name: grub
Purl: pkg:apk/alpine/grub?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-r0

Affected versions

2.*

2.02_beta3-r0

2.02_beta3-r1

2.02_beta3-r2

2.02_beta3-r3

2.02_beta3-r4

2.02_beta3-r5

2.02_beta3-r6

2.02_beta3-r7

2.02-r0

2.02-r1

2.02-r2

2.02-r3

2.02-r4

2.02-r5

2.02-r6

2.02-r7

2.02-r8

2.02-r9

2.02-r10

2.02-r11

2.02-r12

2.02-r13

2.02-r14

2.02-r15

2.02-r16

2.02-r17

2.02-r18

2.02-r19

2.02-r20

2.04-r0

2.04-r1

2.04-r2

2.04-r3

Alpine:v3.19

grub

Package

Name: grub
Purl: pkg:apk/alpine/grub?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-r0

Affected versions

2.*

2.02_beta3-r0

2.02_beta3-r1

2.02_beta3-r2

2.02_beta3-r3

2.02_beta3-r4

2.02_beta3-r5

2.02_beta3-r6

2.02_beta3-r7

2.02-r0

2.02-r1

2.02-r2

2.02-r3

2.02-r4

2.02-r5

2.02-r6

2.02-r7

2.02-r8

2.02-r9

2.02-r10

2.02-r11

2.02-r12

2.02-r13

2.02-r14

2.02-r15

2.02-r16

2.02-r17

2.02-r18

2.02-r19

2.02-r20

2.04-r0

2.04-r1

2.04-r2

2.04-r3

Alpine:v3.20

grub

Package

Name: grub
Purl: pkg:apk/alpine/grub?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-r0

Affected versions

2.*

2.02_beta3-r0

2.02_beta3-r1

2.02_beta3-r2

2.02_beta3-r3

2.02_beta3-r4

2.02_beta3-r5

2.02_beta3-r6

2.02_beta3-r7

2.02-r0

2.02-r1

2.02-r2

2.02-r3

2.02-r4

2.02-r5

2.02-r6

2.02-r7

2.02-r8

2.02-r9

2.02-r10

2.02-r11

2.02-r12

2.02-r13

2.02-r14

2.02-r15

2.02-r16

2.02-r17

2.02-r18

2.02-r19

2.02-r20

2.04-r0

2.04-r1

2.04-r2

2.04-r3

Alpine:v3.21

grub

Package

Name: grub
Purl: pkg:apk/alpine/grub?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-r0

Affected versions

2.*

2.02_beta3-r0

2.02_beta3-r1

2.02_beta3-r2

2.02_beta3-r3

2.02_beta3-r4

2.02_beta3-r5

2.02_beta3-r6

2.02_beta3-r7

2.02-r0

2.02-r1

2.02-r2

2.02-r3

2.02-r4

2.02-r5

2.02-r6

2.02-r7

2.02-r8

2.02-r9

2.02-r10

2.02-r11

2.02-r12

2.02-r13

2.02-r14

2.02-r15

2.02-r16

2.02-r17

2.02-r18

2.02-r19

2.02-r20

2.04-r0

2.04-r1

2.04-r2

2.04-r3

Alpine:v3.22

grub

Package

Name: grub
Purl: pkg:apk/alpine/grub?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-r0

Affected versions

2.*

2.02_beta3-r0

2.02_beta3-r1

2.02_beta3-r2

2.02_beta3-r3

2.02_beta3-r4

2.02_beta3-r5

2.02_beta3-r6

2.02_beta3-r7

2.02-r0

2.02-r1

2.02-r2

2.02-r3

2.02-r4

2.02-r5

2.02-r6

2.02-r7

2.02-r8

2.02-r9

2.02-r10

2.02-r11

2.02-r12

2.02-r13

2.02-r14

2.02-r15

2.02-r16

2.02-r17

2.02-r18

2.02-r19

2.02-r20

2.04-r0

2.04-r1

2.04-r2

2.04-r3