GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim
CVE-2020-15705

6.4MEDIUM

Key Information:

Vendor: Ubuntu
Status: Grub2 In Ubuntu
Vendor: CVE Published:; 29 July 2020

🔔 Create Ubuntu Vulnerability Alert

What is CVE-2020-15705?

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Affected Version(s)

grub2 in Ubuntu 20.04 LTS < 2.04-1ubuntu26.1

grub2 in Ubuntu 18.04 LTS < 2.02-2ubuntu8.16

grub2 in Ubuntu 16.04 LTS < 2.02~beta2-36ubuntu3.26

References

https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the...

x_refsource_CONFIRM

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2S...

vendor-advisoryx_refsource_UBUNTU

http://ubuntu.com/security/notices/USN-4432-1

vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2020
Vulnerability Reserved
Jul 14, 2020

Credit

Mathieu Trudel-Lapierre

.