Memory Management Flaw in GRUB2 Affects System Boot Security
CVE-2020-27779

7.5HIGH

Key Information:

Vendor: Gnu
Status: Grub2
Vendor: CVE Published:; 3 March 2021

What is CVE-2020-27779?

A vulnerability in GRUB2 prior to version 2.06 allows privileged attackers to use the cutmem command, potentially bypassing Secure Boot protections. This flaw does not respect secure boot locking mechanisms, enabling attackers to manipulate memory by removing specific address ranges. This presents significant risks to data confidentiality, integrity, and overall system availability.

Affected Version(s)

grub2 grub 2.06

References

https://bugzilla.redhat.com/show_bug.cgi?id=1900698

x_refsource_MISC

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://security.gentoo.org/glsa/202104-05

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2021
Vulnerability Reserved
Oct 27, 2020

Gnu

What is CVE-2020-27779?

Affected Version(s)

References

CVSS V3.1

Timeline