CVE-2020-15707

MEDIUM

Description

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.

References

https://www.suse.com/support/kb/doc/?id=000019673

http://ubuntu.com/security/notices/USN-4432-1

https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass

https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011

https://access.redhat.com/security/vulnerabilities/grub2bootloader

https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/

https://www.openwall.com/lists/oss-security/2020/07/29/3

https://www.debian.org/security/2020/dsa-4735

http://www.openwall.com/lists/oss-security/2020/07/29/3

https://security.netapp.com/advisory/ntap-20200731-0008/

https://usn.ubuntu.com/4432-1/

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html

https://security.gentoo.org/glsa/202104-05

Details

Source: MITRE

Published: 2020-07-29

Updated: 2021-05-01

Type: CWE-362

Risk Information

CVSS v2.0

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3.0

Base Score: 6.4

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 0.5

Severity: MEDIUM

Vulnerable Software

ID	Name	Product	Family	Severity
149217	GLSA-202104-05 : GRUB: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
147445	EulerOS Virtualization 2.9.1 : grub2 (EulerOS-SA-2021-1601)	Nessus	Huawei Local Security Checks	medium
147274	NewStart CGSL CORE 5.04 / MAIN 5.04 : grub2 Multiple Vulnerabilities (NS-SA-2021-0008)	Nessus	NewStart CGSL Local Security Checks	medium
146030	CentOS 8 : grub2 (CESA-2020:3216)	Nessus	CentOS Local Security Checks	medium
140948	EulerOS Virtualization for ARM 64 3.0.6.0 : grub2 (EulerOS-SA-2020-2000)	Nessus	Huawei Local Security Checks	medium
139956	EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2020-1853)	Nessus	Huawei Local Security Checks	medium
139449	openSUSE Security Update : grub2 (openSUSE-2020-1169)	Nessus	SuSE Local Security Checks	medium
139448	openSUSE Security Update : grub2 (openSUSE-2020-1168)	Nessus	SuSE Local Security Checks	medium
139365	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : GRUB2 regression (USN-4432-2)	Nessus	Ubuntu Local Security Checks	medium
139294	RHEL 7 : grub2 (RHSA-2020:3274)	Nessus	Red Hat Local Security Checks	medium
139288	RHEL 7 : grub2 (RHSA-2020:3271)	Nessus	Red Hat Local Security Checks	medium
139287	RHEL 7 : grub2 (RHSA-2020:3276)	Nessus	Red Hat Local Security Checks	medium
139283	RHEL 7 : grub2 (RHSA-2020:3275)	Nessus	Red Hat Local Security Checks	medium
139243	Photon OS 2.0: Grub2 PHSA-2020-2.0-0267	Nessus	PhotonOS Local Security Checks	medium
139242	Photon OS 1.0: Grub2 PHSA-2020-1.0-0311	Nessus	PhotonOS Local Security Checks	medium
139239	Windows Security Feature Bypass in Secure Boot (BootHole)	Nessus	Windows	medium
139236	CentOS 7 : grub2 (CESA-2020:3217)	Nessus	CentOS Local Security Checks	medium
139198	RHEL 7 : grub2 (RHSA-2020:3217)	Nessus	Red Hat Local Security Checks	medium
139194	RHEL 8 : grub2 (RHSA-2020:3216)	Nessus	Red Hat Local Security Checks	medium
139193	RHEL 8 : grub2 (RHSA-2020:3223)	Nessus	Red Hat Local Security Checks	medium
139192	RHEL 8 : grub2 (RHSA-2020:3227)	Nessus	Red Hat Local Security Checks	medium
139179	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : GRUB 2 vulnerabilities (USN-4432-1)	Nessus	Ubuntu Local Security Checks	medium
139178	SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2079-1)	Nessus	SuSE Local Security Checks	medium
139177	SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2078-1)	Nessus	SuSE Local Security Checks	medium
139176	SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2077-1)	Nessus	SuSE Local Security Checks	medium
139175	SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2076-1)	Nessus	SuSE Local Security Checks	medium
139174	SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2074-1)	Nessus	SuSE Local Security Checks	medium
139173	SUSE SLES15 Security Update : grub2 (SUSE-SU-2020:2073-1)	Nessus	SuSE Local Security Checks	medium
139165	Oracle Linux 8 : grub2 (ELSA-2020-5786)	Nessus	Oracle Linux Local Security Checks	high
139164	Oracle Linux 7 : grub2 (ELSA-2020-5782)	Nessus	Oracle Linux Local Security Checks	high
139099	Debian DSA-4735-1 : grub2 - security update	Nessus	Debian Local Security Checks	medium

CVE-2020-15707

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

high

high

medium