CVSS Base Vector:
The remote host is missing an update for the 'shim-unsigned-ia32'
Linux Distribution Package(s) announced via the CESA-2020:3217 advisory.
Checks if a vulnerable Linux Distribution Package version is present on the target host.
The grub2 Linux Distribution Packages provide version 2 of the Grand Unified Boot Loader
(GRUB), a highly configurable and customizable boot loader with modular
architecture. The Linux Distribution Packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.
The shim Linux Distribution Package contains a first-stage UEFI boot loader that handles
chaining to a trusted full boot loader under secure boot environments.
The fwupdate Linux Distribution Packages provide a service that allows session software to
update device firmware.
* grub2: Crafted grub.cfg file can lead to arbitrary code execution during
boot process (CVE-2020-10713)
* grub2: grub_malloc does not validate allocation size allowing for
arithmetic overflow and subsequent heap-based buffer overflow
* grub2: Integer overflow in grub_squash_read_symlink may lead to
heap-based buffer overflow (CVE-2020-14309)
* grub2: Integer overflow read_section_as_string may lead to heap-based
buffer overflow (CVE-2020-14310)
* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer
* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)
* grub2: Use-after-free redefining a function whilst the same function is
already executing (CVE-2020-15706)
* grub2: Integer overflow in initrd size handling (CVE-2020-15707)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
* grub2 doesn't handle relative paths correctly for UEFI HTTP Boot
* UEFI HTTP boot over IPv6 does not work (BZ#1732765)
Users of grub2 are advised to upgrade to these updated Linux Distribution Packages, which fix
'shim-unsigned-ia32' Linux Distribution Package(s) on CentOS 7.
Please install the updated Linux Distribution Package(s).
NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)
Linux Distribution Package