Vulnerability CVE-2020-15705


Published: 2020-07-29

Description:
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Type:

CWE-347

(Improper Verification of Cryptographic Signature)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SUSE -> Suse linux enterprise server 
Redhat -> Enterprise linux atomic host 
Redhat -> Openshift container platform 
Redhat -> Enterprise linux 
Microsoft -> Windows 10 
Microsoft -> Windows 8.1 
Microsoft -> Windows rt 8.1 
Microsoft -> Windows server 2012 
Microsoft -> Windows server 2016 
Microsoft -> Windows server 2019 
GNU -> Grub2 
Debian -> Debian linux 
Canonical -> Ubuntu linux 

 References:
http://ubuntu.com/security/notices/USN-4432-1
http://www.openwall.com/lists/oss-security/2020/07/29/3
https://access.redhat.com/security/vulnerabilities/grub2bootloader
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
https://security.netapp.com/advisory/ntap-20200731-0008/
https://usn.ubuntu.com/4432-1/
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
https://www.openwall.com/lists/oss-security/2020/07/29/3
https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
https://www.suse.com/support/kb/doc/?id=000019673

Copyright 2022, cxsecurity.com

 

Back to Top