GSD-2020-15705
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-15705",
"description": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.",
"id": "GSD-2020-15705",
"references": [
"https://www.suse.com/security/cve/CVE-2020-15705.html",
"https://access.redhat.com/errata/RHSA-2020:3276",
"https://access.redhat.com/errata/RHSA-2020:3275",
"https://access.redhat.com/errata/RHSA-2020:3274",
"https://access.redhat.com/errata/RHSA-2020:3273",
"https://access.redhat.com/errata/RHSA-2020:3271",
"https://access.redhat.com/errata/RHSA-2020:3227",
"https://access.redhat.com/errata/RHSA-2020:3223",
"https://access.redhat.com/errata/RHSA-2020:3217",
"https://access.redhat.com/errata/RHSA-2020:3216",
"https://ubuntu.com/security/CVE-2020-15705",
"https://advisories.mageia.org/CVE-2020-15705.html",
"https://linux.oracle.com/cve/CVE-2020-15705.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-15705"
],
"details": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.",
"id": "GSD-2020-15705",
"modified": "2023-12-13T01:21:43.594208Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
"ID": "CVE-2020-15705",
"STATE": "PUBLIC",
"TITLE": "GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grub2 in Ubuntu",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.04 LTS",
"version_value": "2.04-1ubuntu26.1"
},
{
"version_affected": "\u003c",
"version_name": "18.04 LTS",
"version_value": "2.02-2ubuntu8.16"
},
{
"version_affected": "\u003c",
"version_name": "16.04 LTS",
"version_value": "2.02~beta2-36ubuntu3.26"
},
{
"version_affected": "\u003c",
"version_name": "14.04 ESM",
"version_value": "2.02~beta2-9ubuntu1.20"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mathieu Trudel-Lapierre"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
"refsource": "CONFIRM",
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
"refsource": "UBUNTU",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"name": "http://ubuntu.com/security/notices/USN-4432-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
"refsource": "SUSE",
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"name": "https://www.suse.com/support/kb/doc/?id=000019673",
"refsource": "SUSE",
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
"refsource": "CONFIRM",
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1280",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
},
{
"name": "openSUSE-SU-2020:1282",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
},
{
"name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
},
{
"name": "GLSA-202104-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-05"
},
{
"name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
},
{
"name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
},
{
"name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
}
]
},
"source": {
"advisory": "USN 4432-1",
"defect": [
"https://launchpad.net/bugs/1801968"
],
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2020-15705"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.suse.com/support/kb/doc/?id=000019673",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"name": "http://ubuntu.com/security/notices/USN-4432-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1280",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
},
{
"name": "openSUSE-SU-2020:1282",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
},
{
"name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
},
{
"name": "GLSA-202104-05",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202104-05"
},
{
"name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
},
{
"name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
},
{
"name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-04-18T15:22Z",
"publishedDate": "2020-07-29T18:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…