CVE-2020-15705MEDIUM
Description
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
References
https://www.suse.com/support/kb/doc/?id=000019673
http://ubuntu.com/security/notices/USN-4432-1
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
https://access.redhat.com/security/vulnerabilities/grub2bootloader
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
https://www.openwall.com/lists/oss-security/2020/07/29/3
http://www.openwall.com/lists/oss-security/2020/07/29/3
https://security.netapp.com/advisory/ntap-20200731-0008/
https://usn.ubuntu.com/4432-1/
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html
Details
Source: MITRE
Published: 2020-07-29
Updated: 2021-05-01
Type: CWE-347
Risk Information
CVSS v2.0
Base Score: 4.4
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.4
Severity: MEDIUM
CVSS v3.0
Base Score: 6.4
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 0.5
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* versions up to 2.04 (inclusive)
Configuration 2
OR
cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 149217 | GLSA-202104-05 : GRUB: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 147274 | NewStart CGSL CORE 5.04 / MAIN 5.04 : grub2 Multiple Vulnerabilities (NS-SA-2021-0008) | Nessus | NewStart CGSL Local Security Checks | medium |
| 146030 | CentOS 8 : grub2 (CESA-2020:3216) | Nessus | CentOS Local Security Checks | medium |
| 140948 | EulerOS Virtualization for ARM 64 3.0.6.0 : grub2 (EulerOS-SA-2020-2000) | Nessus | Huawei Local Security Checks | medium |
| 140075 | openSUSE Security Update : grub2 (openSUSE-2020-1282) | Nessus | SuSE Local Security Checks | medium |
| 140074 | openSUSE Security Update : grub2 (openSUSE-2020-1280) | Nessus | SuSE Local Security Checks | medium |
| 139843 | SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2308-1) | Nessus | SuSE Local Security Checks | medium |
| 139842 | SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2307-1) | Nessus | SuSE Local Security Checks | medium |
| 139841 | SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2306-1) | Nessus | SuSE Local Security Checks | medium |
| 139840 | SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2305-1) | Nessus | SuSE Local Security Checks | medium |
| 139839 | SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2304-1) | Nessus | SuSE Local Security Checks | medium |
| 139838 | SUSE SLES15 Security Update : grub2 (SUSE-SU-2020:2303-1) | Nessus | SuSE Local Security Checks | medium |
| 139365 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : GRUB2 regression (USN-4432-2) | Nessus | Ubuntu Local Security Checks | medium |
| 139294 | RHEL 7 : grub2 (RHSA-2020:3274) | Nessus | Red Hat Local Security Checks | medium |
| 139288 | RHEL 7 : grub2 (RHSA-2020:3271) | Nessus | Red Hat Local Security Checks | medium |
| 139287 | RHEL 7 : grub2 (RHSA-2020:3276) | Nessus | Red Hat Local Security Checks | medium |
| 139284 | RHEL 7 : grub2 (RHSA-2020:3273) | Nessus | Red Hat Local Security Checks | medium |
| 139283 | RHEL 7 : grub2 (RHSA-2020:3275) | Nessus | Red Hat Local Security Checks | medium |
| 139243 | Photon OS 2.0: Grub2 PHSA-2020-2.0-0267 | Nessus | PhotonOS Local Security Checks | medium |
| 139242 | Photon OS 1.0: Grub2 PHSA-2020-1.0-0311 | Nessus | PhotonOS Local Security Checks | medium |
| 139239 | Windows Security Feature Bypass in Secure Boot (BootHole) | Nessus | Windows | medium |
| 139236 | CentOS 7 : grub2 (CESA-2020:3217) | Nessus | CentOS Local Security Checks | medium |
| 139198 | RHEL 7 : grub2 (RHSA-2020:3217) | Nessus | Red Hat Local Security Checks | medium |
| 139194 | RHEL 8 : grub2 (RHSA-2020:3216) | Nessus | Red Hat Local Security Checks | medium |
| 139193 | RHEL 8 : grub2 (RHSA-2020:3223) | Nessus | Red Hat Local Security Checks | medium |
| 139192 | RHEL 8 : grub2 (RHSA-2020:3227) | Nessus | Red Hat Local Security Checks | medium |
| 139179 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : GRUB 2 vulnerabilities (USN-4432-1) | Nessus | Ubuntu Local Security Checks | medium |
| 139165 | Oracle Linux 8 : grub2 (ELSA-2020-5786) | Nessus | Oracle Linux Local Security Checks | high |
| 139164 | Oracle Linux 7 : grub2 (ELSA-2020-5782) | Nessus | Oracle Linux Local Security Checks | high |