GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
18 Apr 2022, 15:22
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202104-05 - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/09/17/4 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/09/21/1 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/09/17/2 - Mailing List, Third Party Advisory |
21 Sep 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Sep 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Sep 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-07-29 18:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-15705
Mitre link : CVE-2020-15705
CVE.ORG link : CVE-2020-15705
JSON object : View
Products Affected
debian
- debian_linux
microsoft
- windows_8.1
- windows_server_2012
- windows_server_2016
- windows_server_2019
- windows_10
- windows_rt_8.1
redhat
- openshift_container_platform
- enterprise_linux_atomic_host
- enterprise_linux
canonical
- ubuntu_linux
suse
- suse_linux_enterprise_server
opensuse
- leap
gnu
- grub2
CWE
CWE-347
Improper Verification of Cryptographic Signature