CVE-2020-15705
Published: 29 July 2020
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
From the Ubuntu Security Team
Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions.
Notes
Author | Note |
---|---|
alexmurray | grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low |
Priority
Status
Package | Release | Status |
---|---|---|
grub2 Launchpad, Ubuntu, Debian |
bionic |
Released
(2.02-2ubuntu8.16)
|
focal |
Released
(2.04-1ubuntu26.1)
|
|
groovy |
Not vulnerable
(2.04-1ubuntu26.1)
|
|
hirsute |
Not vulnerable
(2.04-1ubuntu26.1)
|
|
precise |
Ignored
(end of ESM support, was needed)
|
|
trusty |
Released
(2.02~beta2-9ubuntu1.20)
|
|
upstream |
Needs triage
|
|
xenial |
Released
(2.02~beta2-36ubuntu3.26)
|
|
grub2-signed Launchpad, Ubuntu, Debian |
bionic |
Released
(1.93.18)
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Released
(1.142.3)
|
|
groovy |
Not vulnerable
(1.147)
|
|
hirsute |
Not vulnerable
(1.147)
|
|
precise |
Does not exist
|
|
trusty |
Released
(1.34.22)
|
|
upstream |
Needs triage
|
|
xenial |
Released
(1.66.26)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.4 |
Attack vector | Local |
Attack complexity | High |
Privileges required | High |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15705
- https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
- https://www.openwall.com/lists/oss-security/2020/07/29/3
- https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
- https://ubuntu.com/security/notices/USN-4432-1
- NVD
- Launchpad
- Debian