CVE-2020-25647

HIGH Year: 2020
CVSS v3 Score
7.6
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-787
View all →

Vulnerability Description

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Related Vulnerabilities

CVE-2022-1238

HIGH
CVSS:7.6(High)

Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap b...

CWE-7872022

CVE-2023-48229

HIGH
CVSS:7.6(High)

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG o...

CWE-7872023

CVE-2024-1913

HIGH
CVSS:7.6(High)

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be ex...

CWE-7872024

CVE-2025-0624

HIGH
CVSS:7.6(High)

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using...

CWE-7872025

CVE-2006-20001

HIGH
CVSS:7.5(High)

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. Th...

CWE-7872006