CVE-2020-15705
Summary
| CVE | CVE-2020-15705 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-29 18:15:00 UTC |
| Updated | 2022-04-18 15:22:00 UTC |
| Description | GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. |
Risk And Classification
Problem Types: CWE-347
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 20.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 20.04 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Application | Gnu | Grub2 | All | All | All | All |
| Operating System | Microsoft | Windows 10 | - | All | All | All |
| Operating System | Microsoft | Windows 10 | 1607 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1709 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1803 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1809 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1903 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1909 | All | All | All |
| Operating System | Microsoft | Windows 10 | 2004 | All | All | All |
| Operating System | Microsoft | Windows 10 | - | All | All | All |
| Operating System | Microsoft | Windows 10 | 1607 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1709 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1803 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1809 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1903 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1909 | All | All | All |
| Operating System | Microsoft | Windows 10 | 2004 | All | All | All |
| Operating System | Microsoft | Windows 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Rt 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Rt 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | r2 | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | r2 | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | 1903 | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | 1909 | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | 2004 | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | 1903 | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | 1909 | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | 2004 | All | All | All |
| Operating System | Microsoft | Windows Server 2019 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2019 | - | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Application | Redhat | Enterprise Linux Atomic Host | - | All | All | All |
| Application | Redhat | Enterprise Linux Atomic Host | - | All | All | All |
| Application | Redhat | Openshift Container Platform | 4.0 | All | All | All |
| Application | Redhat | Openshift Container Platform | 4.0 | All | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 11 | All | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 12 | All | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 15 | All | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 11 | All | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 12 | All | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 15 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - multiple secure boot grub2 and linux kernel vulnerabilities | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| oss-security - multiple secure boot grub2 and linux kernel vulnerabilities | CONFIRM | www.openwall.com | Mailing List, Third Party Advisory |
| oss-security - Re: Containers-optimized OS (COS) membership in the linux-distros list | MLIST | www.openwall.com | |
| [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities - BootHole | CONFIRM | lists.gnu.org | Issue Tracking, Vendor Advisory |
| Security Vulnerability: "Boothole" grub2 UEFI secure boot lockdown bypass | Support | SUSE | SUSE | www.suse.com | Third Party Advisory |
| SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass - Ubuntu Wiki | UBUNTU | wiki.ubuntu.com | Third Party Advisory |
| July 2020 Grub2 Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| oss-security - Re: Containers-optimized OS (COS) membership in the linux-distros list | MLIST | www.openwall.com | |
| [security-announce] openSUSE-SU-2020:1282-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011 | CONFIRM | portal.msrc.microsoft.com | Patch, Third Party Advisory, Vendor Advisory |
| SUSE addresses BootHole security exposure - SUSE Communities | SUSE | www.suse.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2020:1280-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Debian -- GRUB2 UEFI SecureBoot vulnerability - 'BootHole' | DEBIAN | www.debian.org | Third Party Advisory |
| GRUB: Multiple vulnerabilities (GLSA 202104-05) — Gentoo security | GENTOO | security.gentoo.org | |
| USN-4432-1: GRUB 2 vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| Boot Hole Vulnerability - GRUB 2 boot loader - CVE-2020-10713 - Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| USN-4432-1: GRUB 2 vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | ubuntu.com | Third Party Advisory |
| oss-security - Containers-optimized OS (COS) membership in the linux-distros list | MLIST | www.openwall.com | |
| oss-security - Multiple GRUB2 vulnerabilities | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| There’s a Hole in the Boot - Eclypsium | CONFIRM | www.eclypsium.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Mathieu Trudel-Lapierre
Legacy QID Mappings
- 377345 Alibaba Cloud Linux Security Update for grub2 (ALINUX3-SA-2022:0064)
- 377367 Alibaba Cloud Linux Security Update for grub2 (ALINUX3-SA-2021:0026)
- 377533 Alibaba Cloud Linux Security Update for grub2 (ALINUX2-SA-2020:0108)
- 502730 Alpine Linux Security Update for grub
- 671199 EulerOS Security Update for grub2 (EulerOS-SA-2022-1008)
- 671200 EulerOS Security Update for grub2 (EulerOS-SA-2022-1028)
- 671256 EulerOS Security Update for grub2 (EulerOS-SA-2022-1194)
- 710015 Gentoo Linux GRUB Multiple Vulnerabilities (GLSA 202104-05)
- 900208 CBL-Mariner Linux Security Update for grub2 2.02
- 903497 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (1827)