Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2020-27779

Published: 2 March 2021

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

From the Ubuntu Security Team

It was discovered that the cutmem command in GRUB 2 did not honor secure boot locking. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions.

Notes

AuthorNote
sbeattie
grub2-unsigned will contain fixes and supersede grub2, which will contain only BIOS grub bits.

Priority

Medium

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
grub2-signed
Launchpad, Ubuntu, Debian
hirsute
Released (1.164)
xenial Pending
(1.164)
focal
Released (1.167.2)
groovy
Released (1.167.2)
impish
Released (1.169)
upstream Needs triage

trusty Needed

bionic
Released (1.167~18.04.5)
jammy Not vulnerable
(1.180)
lunar Not vulnerable
(1.192)
kinetic Not vulnerable
(1.185)
grub2-unsigned
Launchpad, Ubuntu, Debian
bionic
Released (2.04-1ubuntu44.1.2)
focal
Released (2.04-1ubuntu44.2)
hirsute
Released (2.04-1ubuntu42)
xenial Pending
(2.04-1ubuntu42)
groovy
Released (2.04-1ubuntu44.2)
impish
Released (2.04-1ubuntu45)
upstream Needs triage

trusty Does not exist

jammy Not vulnerable
(2.06-2ubuntu7)
kinetic Not vulnerable
(2.06-2ubuntu12)
lunar Not vulnerable
(2.06-2ubuntu16)
grub2
Launchpad, Ubuntu, Debian
trusty Needed

xenial Needed

bionic Needed

focal Needed

jammy Not vulnerable
(2.06-2ubuntu7)
kinetic Not vulnerable
(2.06-2ubuntu12)
lunar Not vulnerable
(2.06-2ubuntu16)
upstream Needs triage

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Scope Changed
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H