CVE-2020-15705

Published: 29 July 2020

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

From the Ubuntu Security Team

Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions.

Notes

Author	Note
alexmurray	grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low

Priority

Cvss 3 Severity Score

6.4

Score breakdown

Status

Package	Release	Status
grub2 Launchpad, Ubuntu, Debian	bionic	Released (2.02-2ubuntu8.16)
	focal	Released (2.04-1ubuntu26.1)
	groovy	Not vulnerable (2.04-1ubuntu26.1)
	hirsute	Not vulnerable (2.04-1ubuntu26.1)
	precise	Ignored (end of ESM support, was needed)
	trusty	Released (2.02~beta2-9ubuntu1.20)
	upstream	Needs triage
	xenial	Released (2.02~beta2-36ubuntu3.26)
grub2-signed Launchpad, Ubuntu, Debian	bionic	Released (1.93.18)
	eoan	Ignored (reached end-of-life)
	focal	Released (1.142.3)
	groovy	Not vulnerable (1.147)
	hirsute	Not vulnerable (1.147)
	precise	Does not exist
	trusty	Released (1.34.22)
	upstream	Needs triage
	xenial	Released (1.66.26)

Severity score breakdown

Parameter	Value
Base score	6.4
Attack vector	Local
Attack complexity	High
Privileges required	High
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

References

Bugs

https://launchpad.net/bugs/1801968

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›