Grub2 Vulnerability in Linux Kernel with Secure Boot Enabled by Red Hat
CVE-2020-14372

7.5HIGH

Key Information:

Vendor
Gnu
Status
Grub2
Vendor
CVE Published:
3 March 2021

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Grub2 versions prior to 2.06 contain a vulnerability that improperly allows the usage of the ACPI command when Secure Boot is enabled. This flaw can be exploited by an attacker with privileged access to create a crafted Secondary System Description Table (SSDT). When this table is loaded, it can overwrite the Linux kernel lockdown variable's content directly in memory. This circumvents the Secure Boot lockdown, enabling the execution of unsigned code, potentially compromising data confidentiality, integrity, and overall system availability.

Affected Version(s)

grub2 grub 2.06

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-14372
Created by kukrimate

References

https://bugzilla.redhat.com/show_bug.cgi?id=1873150
x_refsource_MISC
https://access.redhat.com/security/vulnerabilities/RHSB-2...
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210416-0004/
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.