CVE-2020-15705

moderate-risk

Published 2020-07-29

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.4/10 Medium

LOCAL / HIGH complexity

Affected Products (20)

Grub2

Enterprise Linux Atomic Host

Openshift Container Platform

Ubuntu Linux

Debian Linux

Leap

Enterprise Linux

Suse Linux Enterprise Server

Windows 10

Affected Vendors

Debian Redhat Microsoft Gnu Suse Canonical Opensuse

References (40)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html

Third Party Advisory http://ubuntu.com/security/notices/USN-4432-1

Mailing List http://www.openwall.com/lists/oss-security/2020/07/29/3

Mailing List http://www.openwall.com/lists/oss-security/2021/03/02/3

Mailing List http://www.openwall.com/lists/oss-security/2021/09/17/2

Mailing List http://www.openwall.com/lists/oss-security/2021/09/17/4

Mailing List http://www.openwall.com/lists/oss-security/2021/09/21/1

Third Party Advisory https://access.redhat.com/security/vulnerabilities/grub2bootloader

Issue Tracking https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011

Third Party Advisory https://security.gentoo.org/glsa/202104-05

Third Party Advisory https://security.netapp.com/advisory/ntap-20200731-0008/

Third Party Advisory https://usn.ubuntu.com/4432-1/

Third Party Advisory https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass

Third Party Advisory https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot

Third Party Advisory https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

Mailing List https://www.openwall.com/lists/oss-security/2020/07/29/3

Third Party Advisory https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/

Third Party Advisory https://www.suse.com/support/kb/doc/?id=000019673

and 20 more references

/ 100

moderate-risk

Severity 17/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 23/34 · High