CVE-2020-15706

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-15706
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15706.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-15706
Downstream
Related
Published
2020-07-29T18:15:14.420Z
Modified
2026-02-04T21:33:59.639138Z
Severity
  • 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

GRUB2 contains a race condition in grubscriptfunction_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

References

Affected packages

Git / github.com/containers/image

Affected ranges

Type
GIT
Repo
https://github.com/containers/image
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b49a0b7eac5a602f669dd0f4243985ef7e48033c

Affected versions

Other
v1,1
v1.*
v1.1
v1.2
v1.3
v1.4
v1.5
v1.5.1
v2.*
v2.0.0
v2.0.1
v3.*
v3.0.0
v3.0.1
v3.0.2
v4.*
v4.0.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15706.json"