All the vulnerabilites related to Ubuntu - grub2 in Ubuntu
cve-2020-15705
Vulnerability from cvelistv5
Published
2020-07-29 17:45
Modified
2024-09-17 00:06
Summary
GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim
References
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/x_refsource_CONFIRM
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypassvendor-advisory, x_refsource_UBUNTU
http://ubuntu.com/security/notices/USN-4432-1vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2020-GRUB-UEFI-SecureBootvendor-advisory, x_refsource_DEBIAN
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011x_refsource_CONFIRM
https://access.redhat.com/security/vulnerabilities/grub2bootloadervendor-advisory, x_refsource_REDHAT
https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/vendor-advisory, x_refsource_SUSE
https://www.suse.com/support/kb/doc/?id=000019673vendor-advisory, x_refsource_SUSE
https://www.openwall.com/lists/oss-security/2020/07/29/3x_refsource_CONFIRM
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.htmlx_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2020/07/29/3mailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20200731-0008/x_refsource_CONFIRM
https://usn.ubuntu.com/4432-1/vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.htmlvendor-advisory, x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2021/03/02/3mailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/202104-05vendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2021/09/17/2mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/09/17/4mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/09/21/1mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/security/notices/USN-4432-1"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/support/kb/doc/?id=000019673"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
          },
          {
            "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
          },
          {
            "name": "USN-4432-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4432-1/"
          },
          {
            "name": "openSUSE-SU-2020:1280",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
          },
          {
            "name": "openSUSE-SU-2020:1282",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
          },
          {
            "name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
          },
          {
            "name": "GLSA-202104-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-05"
          },
          {
            "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
          },
          {
            "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
          },
          {
            "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grub2 in Ubuntu",
          "vendor": "Ubuntu",
          "versions": [
            {
              "lessThan": "2.04-1ubuntu26.1",
              "status": "affected",
              "version": "20.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02-2ubuntu8.16",
              "status": "affected",
              "version": "18.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-36ubuntu3.26",
              "status": "affected",
              "version": "16.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-9ubuntu1.20",
              "status": "affected",
              "version": "14.04 ESM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mathieu Trudel-Lapierre"
        }
      ],
      "datePublic": "2020-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-21T11:06:32",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/security/notices/USN-4432-1"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/support/kb/doc/?id=000019673"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
        },
        {
          "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
        },
        {
          "name": "USN-4432-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4432-1/"
        },
        {
          "name": "openSUSE-SU-2020:1280",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
        },
        {
          "name": "openSUSE-SU-2020:1282",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
        },
        {
          "name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
        },
        {
          "name": "GLSA-202104-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-05"
        },
        {
          "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
        },
        {
          "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
        },
        {
          "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
        }
      ],
      "source": {
        "advisory": "USN 4432-1",
        "defect": [
          "https://launchpad.net/bugs/1801968"
        ],
        "discovery": "INTERNAL"
      },
      "title": "GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
          "ID": "CVE-2020-15705",
          "STATE": "PUBLIC",
          "TITLE": "GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grub2 in Ubuntu",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.04 LTS",
                            "version_value": "2.04-1ubuntu26.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.04 LTS",
                            "version_value": "2.02-2ubuntu8.16"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.04 LTS",
                            "version_value": "2.02~beta2-36ubuntu3.26"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "14.04 ESM",
                            "version_value": "2.02~beta2-9ubuntu1.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ubuntu"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Mathieu Trudel-Lapierre"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-347 Improper Verification of Cryptographic Signature"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
              "refsource": "CONFIRM",
              "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
            },
            {
              "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
              "refsource": "UBUNTU",
              "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
            },
            {
              "name": "http://ubuntu.com/security/notices/USN-4432-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/security/notices/USN-4432-1"
            },
            {
              "name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
            },
            {
              "name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
              "refsource": "SUSE",
              "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
            },
            {
              "name": "https://www.suse.com/support/kb/doc/?id=000019673",
              "refsource": "SUSE",
              "url": "https://www.suse.com/support/kb/doc/?id=000019673"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
              "refsource": "CONFIRM",
              "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
              "refsource": "CONFIRM",
              "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
            },
            {
              "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
            },
            {
              "name": "USN-4432-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4432-1/"
            },
            {
              "name": "openSUSE-SU-2020:1280",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
            },
            {
              "name": "openSUSE-SU-2020:1282",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
            },
            {
              "name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
            },
            {
              "name": "GLSA-202104-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-05"
            },
            {
              "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
            },
            {
              "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
            },
            {
              "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
            }
          ]
        },
        "source": {
          "advisory": "USN 4432-1",
          "defect": [
            "https://launchpad.net/bugs/1801968"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-15705",
    "datePublished": "2020-07-29T17:45:33.422001Z",
    "dateReserved": "2020-07-14T00:00:00",
    "dateUpdated": "2024-09-17T00:06:01.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15706
Vulnerability from cvelistv5
Published
2020-07-29 17:45
Modified
2024-09-16 22:20
Summary
GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.
References
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/x_refsource_CONFIRM
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypassvendor-advisory, x_refsource_UBUNTU
http://ubuntu.com/security/notices/USN-4432-1vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2020-GRUB-UEFI-SecureBootvendor-advisory, x_refsource_DEBIAN
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011x_refsource_CONFIRM
https://access.redhat.com/security/vulnerabilities/grub2bootloadervendor-advisory, x_refsource_REDHAT
https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/vendor-advisory, x_refsource_SUSE
https://www.suse.com/support/kb/doc/?id=000019673vendor-advisory, x_refsource_SUSE
https://www.openwall.com/lists/oss-security/2020/07/29/3x_refsource_CONFIRM
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.htmlx_refsource_CONFIRM
https://www.debian.org/security/2020/dsa-4735vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2020/07/29/3mailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20200731-0008/x_refsource_CONFIRM
https://usn.ubuntu.com/4432-1/vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/202104-05vendor-advisory, x_refsource_GENTOO
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.808Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/security/notices/USN-4432-1"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/support/kb/doc/?id=000019673"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
          },
          {
            "name": "DSA-4735",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4735"
          },
          {
            "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
          },
          {
            "name": "USN-4432-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4432-1/"
          },
          {
            "name": "openSUSE-SU-2020:1169",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2020:1168",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
          },
          {
            "name": "GLSA-202104-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grub2 in Ubuntu",
          "vendor": "Ubuntu",
          "versions": [
            {
              "lessThan": "2.04-1ubuntu26.1",
              "status": "affected",
              "version": "20.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02-2ubuntu8.16",
              "status": "affected",
              "version": "18.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-36ubuntu3.26",
              "status": "affected",
              "version": "16.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-9ubuntu1.20",
              "status": "affected",
              "version": "14.04 ESM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Chris Coulson"
        }
      ],
      "datePublic": "2020-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-01T01:08:01",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/security/notices/USN-4432-1"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/support/kb/doc/?id=000019673"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
        },
        {
          "name": "DSA-4735",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4735"
        },
        {
          "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
        },
        {
          "name": "USN-4432-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4432-1/"
        },
        {
          "name": "openSUSE-SU-2020:1169",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2020:1168",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
        },
        {
          "name": "GLSA-202104-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-05"
        }
      ],
      "source": {
        "advisory": "USN 4432-1",
        "discovery": "INTERNAL"
      },
      "title": "GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
          "ID": "CVE-2020-15706",
          "STATE": "PUBLIC",
          "TITLE": "GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grub2 in Ubuntu",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.04 LTS",
                            "version_value": "2.04-1ubuntu26.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.04 LTS",
                            "version_value": "2.02-2ubuntu8.16"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.04 LTS",
                            "version_value": "2.02~beta2-36ubuntu3.26"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "14.04 ESM",
                            "version_value": "2.02~beta2-9ubuntu1.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ubuntu"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Chris Coulson"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
              "refsource": "CONFIRM",
              "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
            },
            {
              "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
              "refsource": "UBUNTU",
              "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
            },
            {
              "name": "http://ubuntu.com/security/notices/USN-4432-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/security/notices/USN-4432-1"
            },
            {
              "name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
            },
            {
              "name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
              "refsource": "SUSE",
              "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
            },
            {
              "name": "https://www.suse.com/support/kb/doc/?id=000019673",
              "refsource": "SUSE",
              "url": "https://www.suse.com/support/kb/doc/?id=000019673"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
              "refsource": "CONFIRM",
              "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
              "refsource": "CONFIRM",
              "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
            },
            {
              "name": "DSA-4735",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4735"
            },
            {
              "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
            },
            {
              "name": "USN-4432-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4432-1/"
            },
            {
              "name": "openSUSE-SU-2020:1169",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
            },
            {
              "name": "openSUSE-SU-2020:1168",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
            },
            {
              "name": "GLSA-202104-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-05"
            }
          ]
        },
        "source": {
          "advisory": "USN 4432-1",
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-15706",
    "datePublished": "2020-07-29T17:45:33.975497Z",
    "dateReserved": "2020-07-14T00:00:00",
    "dateUpdated": "2024-09-16T22:20:56.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15707
Vulnerability from cvelistv5
Published
2020-07-29 17:45
Modified
2024-09-17 03:07
Summary
GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.
References
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/x_refsource_CONFIRM
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypassvendor-advisory, x_refsource_UBUNTU
http://ubuntu.com/security/notices/USN-4432-1vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2020-GRUB-UEFI-SecureBootvendor-advisory, x_refsource_DEBIAN
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011x_refsource_CONFIRM
https://access.redhat.com/security/vulnerabilities/grub2bootloadervendor-advisory, x_refsource_REDHAT
https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/vendor-advisory, x_refsource_SUSE
https://www.suse.com/support/kb/doc/?id=000019673vendor-advisory, x_refsource_SUSE
https://www.openwall.com/lists/oss-security/2020/07/29/3x_refsource_CONFIRM
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.htmlx_refsource_CONFIRM
https://www.debian.org/security/2020/dsa-4735vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2020/07/29/3mailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20200731-0008/x_refsource_CONFIRM
https://usn.ubuntu.com/4432-1/vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/202104-05vendor-advisory, x_refsource_GENTOO
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.731Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/security/notices/USN-4432-1"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/support/kb/doc/?id=000019673"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
          },
          {
            "name": "DSA-4735",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4735"
          },
          {
            "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
          },
          {
            "name": "USN-4432-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4432-1/"
          },
          {
            "name": "openSUSE-SU-2020:1169",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2020:1168",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
          },
          {
            "name": "GLSA-202104-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grub2 in Ubuntu",
          "vendor": "Ubuntu",
          "versions": [
            {
              "lessThan": "2.04-1ubuntu26.1",
              "status": "affected",
              "version": "20.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02-2ubuntu8.16",
              "status": "affected",
              "version": "18.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-36ubuntu3.26",
              "status": "affected",
              "version": "16.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-9ubuntu1.20",
              "status": "affected",
              "version": "14.04 ESM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Colin Watson"
        },
        {
          "lang": "en",
          "value": "Chris Coulson"
        }
      ],
      "datePublic": "2020-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-01T01:08:05",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/security/notices/USN-4432-1"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/support/kb/doc/?id=000019673"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
        },
        {
          "name": "DSA-4735",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4735"
        },
        {
          "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
        },
        {
          "name": "USN-4432-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4432-1/"
        },
        {
          "name": "openSUSE-SU-2020:1169",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2020:1168",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
        },
        {
          "name": "GLSA-202104-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-05"
        }
      ],
      "source": {
        "advisory": "USN 4432-1",
        "discovery": "INTERNAL"
      },
      "title": "GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
          "ID": "CVE-2020-15707",
          "STATE": "PUBLIC",
          "TITLE": "GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grub2 in Ubuntu",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.04 LTS",
                            "version_value": "2.04-1ubuntu26.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.04 LTS",
                            "version_value": "2.02-2ubuntu8.16"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.04 LTS",
                            "version_value": "2.02~beta2-36ubuntu3.26"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "14.04 ESM",
                            "version_value": "2.02~beta2-9ubuntu1.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ubuntu"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Colin Watson"
          },
          {
            "lang": "eng",
            "value": "Chris Coulson"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
              "refsource": "CONFIRM",
              "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
            },
            {
              "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
              "refsource": "UBUNTU",
              "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
            },
            {
              "name": "http://ubuntu.com/security/notices/USN-4432-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/security/notices/USN-4432-1"
            },
            {
              "name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
            },
            {
              "name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
              "refsource": "SUSE",
              "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
            },
            {
              "name": "https://www.suse.com/support/kb/doc/?id=000019673",
              "refsource": "SUSE",
              "url": "https://www.suse.com/support/kb/doc/?id=000019673"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
              "refsource": "CONFIRM",
              "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
              "refsource": "CONFIRM",
              "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
            },
            {
              "name": "DSA-4735",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4735"
            },
            {
              "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
            },
            {
              "name": "USN-4432-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4432-1/"
            },
            {
              "name": "openSUSE-SU-2020:1169",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
            },
            {
              "name": "openSUSE-SU-2020:1168",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
            },
            {
              "name": "GLSA-202104-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-05"
            }
          ]
        },
        "source": {
          "advisory": "USN 4432-1",
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-15707",
    "datePublished": "2020-07-29T17:45:34.577890Z",
    "dateReserved": "2020-07-14T00:00:00",
    "dateUpdated": "2024-09-17T03:07:49.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}