csaf_suse - suse-su-2020:14461-1

SUSE-SU-2020:14461-1

Vulnerability from csaf_suse - Published: 2020-08-25 12:49 - Updated: 2020-08-25 12:49

Summary

Security update for grub2

Notes

Title of the patch

Security update for grub2

Description of the patch

This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421).

Patchnames

slessp4-grub2-14461

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for grub2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for grub2 fixes the following issues:\n\n- CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "slessp4-grub2-14461",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_14461-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:14461-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-202014461-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:14461-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-August/007297.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174421",
        "url": "https://bugzilla.suse.com/1174421"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-15705 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-15705/"
      }
    ],
    "title": "Security update for grub2",
    "tracking": {
      "current_release_date": "2020-08-25T12:49:25Z",
      "generator": {
        "date": "2020-08-25T12:49:25Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:14461-1",
      "initial_release_date": "2020-08-25T12:49:25Z",
      "revision_history": [
        {
          "date": "2020-08-25T12:49:25Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grub2-x86_64-efi-2.00-0.66.21.1.x86_64",
                "product": {
                  "name": "grub2-x86_64-efi-2.00-0.66.21.1.x86_64",
                  "product_id": "grub2-x86_64-efi-2.00-0.66.21.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "grub2-x86_64-xen-2.00-0.66.21.1.x86_64",
                "product": {
                  "name": "grub2-x86_64-xen-2.00-0.66.21.1.x86_64",
                  "product_id": "grub2-x86_64-xen-2.00-0.66.21.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-x86_64-efi-2.00-0.66.21.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:grub2-x86_64-efi-2.00-0.66.21.1.x86_64"
        },
        "product_reference": "grub2-x86_64-efi-2.00-0.66.21.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-x86_64-xen-2.00-0.66.21.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:grub2-x86_64-xen-2.00-0.66.21.1.x86_64"
        },
        "product_reference": "grub2-x86_64-xen-2.00-0.66.21.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-15705",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-15705"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4-LTSS:grub2-x86_64-efi-2.00-0.66.21.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4-LTSS:grub2-x86_64-xen-2.00-0.66.21.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-15705",
          "url": "https://www.suse.com/security/cve/CVE-2020-15705"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174421 for CVE-2020-15705",
          "url": "https://bugzilla.suse.com/1174421"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182890 for CVE-2020-15705",
          "url": "https://bugzilla.suse.com/1182890"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:grub2-x86_64-efi-2.00-0.66.21.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:grub2-x86_64-xen-2.00-0.66.21.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4-LTSS:grub2-x86_64-efi-2.00-0.66.21.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4-LTSS:grub2-x86_64-xen-2.00-0.66.21.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-08-25T12:49:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-15705"
    }
  ]
}

CVE-2020-15705 (GCVE-0-2020-15705)

Vulnerability from cvelistv5 – Published: 2020-07-29 17:45 – Updated: 2024-09-17 00:06

Summary

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Severity ?

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

canonical

References

URL

Tags

	https://www.eclypsium.com/2020/07/29/theres-a-hol…	x_refsource_CONFIRM
	https://wiki.ubuntu.com/SecurityTeam/KnowledgeBas…	vendor-advisoryx_refsource_UBUNTU
	http://ubuntu.com/security/notices/USN-4432-1	vendor-advisoryx_refsource_UBUNTU
	https://www.debian.org/security/2020-GRUB-UEFI-Se…	vendor-advisoryx_refsource_DEBIAN
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM
	https://access.redhat.com/security/vulnerabilitie…	vendor-advisoryx_refsource_REDHAT
	https://www.suse.com/c/suse-addresses-grub2-secur…	vendor-advisoryx_refsource_SUSE
	https://www.suse.com/support/kb/doc/?id=000019673	vendor-advisoryx_refsource_SUSE
	https://www.openwall.com/lists/oss-security/2020/…	x_refsource_CONFIRM
	https://lists.gnu.org/archive/html/grub-devel/202…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2020/07/29/3	mailing-listx_refsource_MLIST
	https://security.netapp.com/advisory/ntap-2020073…	x_refsource_CONFIRM
	https://usn.ubuntu.com/4432-1/	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2021/03/02/3	mailing-listx_refsource_MLIST
	https://security.gentoo.org/glsa/202104-05	vendor-advisoryx_refsource_GENTOO
	http://www.openwall.com/lists/oss-security/2021/09/17/2	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/09/17/4	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/09/21/1	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Ubuntu	grub2 in Ubuntu	Affected: 20.04 LTS , < 2.04-1ubuntu26.1 (custom) Affected: 18.04 LTS , < 2.02-2ubuntu8.16 (custom) Affected: 16.04 LTS , < 2.02~beta2-36ubuntu3.26 (custom) Affected: 14.04 ESM , < 2.02~beta2-9ubuntu1.20 (custom)

Credits

Mathieu Trudel-Lapierre

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/security/notices/USN-4432-1"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/support/kb/doc/?id=000019673"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
          },
          {
            "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
          },
          {
            "name": "USN-4432-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4432-1/"
          },
          {
            "name": "openSUSE-SU-2020:1280",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
          },
          {
            "name": "openSUSE-SU-2020:1282",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
          },
          {
            "name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
          },
          {
            "name": "GLSA-202104-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-05"
          },
          {
            "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
          },
          {
            "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
          },
          {
            "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grub2 in Ubuntu",
          "vendor": "Ubuntu",
          "versions": [
            {
              "lessThan": "2.04-1ubuntu26.1",
              "status": "affected",
              "version": "20.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02-2ubuntu8.16",
              "status": "affected",
              "version": "18.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-36ubuntu3.26",
              "status": "affected",
              "version": "16.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-9ubuntu1.20",
              "status": "affected",
              "version": "14.04 ESM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mathieu Trudel-Lapierre"
        }
      ],
      "datePublic": "2020-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-21T11:06:32",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/security/notices/USN-4432-1"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/support/kb/doc/?id=000019673"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
        },
        {
          "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
        },
        {
          "name": "USN-4432-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4432-1/"
        },
        {
          "name": "openSUSE-SU-2020:1280",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
        },
        {
          "name": "openSUSE-SU-2020:1282",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
        },
        {
          "name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
        },
        {
          "name": "GLSA-202104-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-05"
        },
        {
          "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
        },
        {
          "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
        },
        {
          "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
        }
      ],
      "source": {
        "advisory": "USN 4432-1",
        "defect": [
          "https://launchpad.net/bugs/1801968"
        ],
        "discovery": "INTERNAL"
      },
      "title": "GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
          "ID": "CVE-2020-15705",
          "STATE": "PUBLIC",
          "TITLE": "GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grub2 in Ubuntu",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.04 LTS",
                            "version_value": "2.04-1ubuntu26.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.04 LTS",
                            "version_value": "2.02-2ubuntu8.16"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.04 LTS",
                            "version_value": "2.02~beta2-36ubuntu3.26"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "14.04 ESM",
                            "version_value": "2.02~beta2-9ubuntu1.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ubuntu"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Mathieu Trudel-Lapierre"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-347 Improper Verification of Cryptographic Signature"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
              "refsource": "CONFIRM",
              "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
            },
            {
              "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
              "refsource": "UBUNTU",
              "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
            },
            {
              "name": "http://ubuntu.com/security/notices/USN-4432-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/security/notices/USN-4432-1"
            },
            {
              "name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
            },
            {
              "name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
              "refsource": "SUSE",
              "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
            },
            {
              "name": "https://www.suse.com/support/kb/doc/?id=000019673",
              "refsource": "SUSE",
              "url": "https://www.suse.com/support/kb/doc/?id=000019673"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
              "refsource": "CONFIRM",
              "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
              "refsource": "CONFIRM",
              "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
            },
            {
              "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
            },
            {
              "name": "USN-4432-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4432-1/"
            },
            {
              "name": "openSUSE-SU-2020:1280",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
            },
            {
              "name": "openSUSE-SU-2020:1282",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
            },
            {
              "name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
            },
            {
              "name": "GLSA-202104-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-05"
            },
            {
              "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
            },
            {
              "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
            },
            {
              "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
            }
          ]
        },
        "source": {
          "advisory": "USN 4432-1",
          "defect": [
            "https://launchpad.net/bugs/1801968"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-15705",
    "datePublished": "2020-07-29T17:45:33.422001Z",
    "dateReserved": "2020-07-14T00:00:00",
    "dateUpdated": "2024-09-17T00:06:01.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2020:14461-1

CVE-2020-15705 (GCVE-0-2020-15705)

Tags

Sightings

Nomenclature