CVE-2020-15705

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html Mailing List Third Party Advisory
http://ubuntu.com/security/notices/USN-4432-1 Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/07/29/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/02/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/09/17/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/09/17/4 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/09/21/1 Mailing List Third Party Advisory
https://access.redhat.com/security/vulnerabilities/grub2bootloader Third Party Advisory
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html Issue Tracking Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011 Patch Third Party Advisory Vendor Advisory
https://security.gentoo.org/glsa/202104-05 Third Party Advisory
https://security.netapp.com/advisory/ntap-20200731-0008/ Third Party Advisory
https://usn.ubuntu.com/4432-1/ Third Party Advisory
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass Third Party Advisory
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot Third Party Advisory
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/07/29/3 Mailing List Third Party Advisory
https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/ Third Party Advisory
https://www.suse.com/support/kb/doc/?id=000019673 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

History

18 Apr 2022, 15:22

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202104-05 - (GENTOO) https://security.gentoo.org/glsa/202104-05 - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/09/17/4 - (MLIST) http://www.openwall.com/lists/oss-security/2021/09/17/4 - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/09/21/1 - (MLIST) http://www.openwall.com/lists/oss-security/2021/09/21/1 - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/09/17/2 - (MLIST) http://www.openwall.com/lists/oss-security/2021/09/17/2 - Mailing List, Third Party Advisory

21 Sep 2021, 12:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/09/21/1 -

17 Sep 2021, 18:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/09/17/4 -

17 Sep 2021, 09:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/09/17/2 -

Information

Published : 2020-07-29 18:15

Updated : 2024-02-04 21:00


NVD link : CVE-2020-15705

Mitre link : CVE-2020-15705

CVE.ORG link : CVE-2020-15705


JSON object : View

Products Affected

debian

  • debian_linux

microsoft

  • windows_8.1
  • windows_server_2012
  • windows_server_2016
  • windows_server_2019
  • windows_10
  • windows_rt_8.1

redhat

  • openshift_container_platform
  • enterprise_linux_atomic_host
  • enterprise_linux

canonical

  • ubuntu_linux

suse

  • suse_linux_enterprise_server

opensuse

  • leap

gnu

  • grub2
CWE
CWE-347

Improper Verification of Cryptographic Signature