Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
High
Attack Vector
Local
0

CVE-2020-15705

Disclosure Date: July 29, 2020
CVE-2020-15705 CVSS v3 Base Score: 6.4
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
6.4 Medium
Impact Score:
5.9
Exploitability Score:
0.5
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
High
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
grub2 in Ubuntu 2.04-1ubuntu26.1
grub2 in Ubuntu 2.02-2ubuntu8.16
grub2 in Ubuntu 2.02~beta2-36ubuntu3.26
grub2 in Ubuntu 2.02~beta2-9ubuntu1.20
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2020-15705 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15705)
Advisory
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
http://ubuntu.com/security/notices/USN-4432-1
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
https://access.redhat.com/security/vulnerabilities/grub2bootloader
https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue
https://www.suse.com/support/kb/doc?id=000019673
https://www.openwall.com/lists/oss-security/2020/07/29/3
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities (http://www.openwall.com/lists/oss-security/2020/07/29/3)
https://security.netapp.com/advisory/ntap-20200731-0008
USN-4432-1 (https://usn.ubuntu.com/4432-1)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
https://www.suse.com/support/kb/doc/?id=000019673
https://security.netapp.com/advisory/ntap-20200731-0008/
USN-4432-1 (https://usn.ubuntu.com/4432-1/)
[oss-security] 20210302 Multiple GRUB2 vulnerabilities (http://www.openwall.com/lists/oss-security/2021/03/02/3)
GLSA-202104-05 (https://security.gentoo.org/glsa/202104-05)
[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list (http://www.openwall.com/lists/oss-security/2021/09/17/2)
[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list (http://www.openwall.com/lists/oss-security/2021/09/17/4)
[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list (http://www.openwall.com/lists/oss-security/2021/09/21/1)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis