CVE-2020-15705
Published: 29 July 2020
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
From the Ubuntu security team
Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions.
Priority
CVSS 3 base score: 6.4
Status
Package | Release | Status |
---|---|---|
grub2 Launchpad, Ubuntu, Debian |
bionic |
Released
(2.02-2ubuntu8.16)
|
focal |
Released
(2.04-1ubuntu26.1)
|
|
groovy |
Not vulnerable
(2.04-1ubuntu26.1)
|
|
hirsute |
Not vulnerable
(2.04-1ubuntu26.1)
|
|
precise |
Ignored
(end of ESM support, was needed)
|
|
trusty |
Released
(2.02~beta2-9ubuntu1.20)
|
|
upstream |
Needs triage
|
|
xenial |
Released
(2.02~beta2-36ubuntu3.26)
|
|
grub2-signed Launchpad, Ubuntu, Debian |
bionic |
Released
(1.93.18)
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Released
(1.142.3)
|
|
groovy |
Not vulnerable
(1.147)
|
|
hirsute |
Not vulnerable
(1.147)
|
|
precise |
Does not exist
|
|
trusty |
Released
(1.34.22)
|
|
upstream |
Needs triage
|
|
xenial |
Released
(1.66.26)
|
Notes
Author | Note |
---|---|
amurray | grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15705
- https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
- https://www.openwall.com/lists/oss-security/2020/07/29/3
- https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
- https://ubuntu.com/security/notices/USN-4432-1
- NVD
- Launchpad
- Debian