Home

CVE-2020-15705

Description

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Risk Information

Base Score
6.4
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.032

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.5Windows
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02-2ubuntu8.16_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02-2ubuntu8.16_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.04-1ubuntu26.1_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02~beta2-36ubuntu3.26_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-ia32-bin_2.02~beta2-36ubuntu3.26_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02-2ubuntu8.16_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02-2ubuntu8.16_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.04-1ubuntu26.1_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02~beta2-36ubuntu3.26_i386.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-bin_2.02~beta2-36ubuntu3.26_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-signed_1.142.3+2.04-1ubuntu26.1_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-signed_1.93.18+2.02-2ubuntu8.16_amd64.debLinux
GRand Unified Bootloader (USN-4432-1) grub-efi-amd64-signed_1.66.26+2.02~beta2-36ubuntu3.26_amd64.debLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-devel-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-efi-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update fwupdate-libs-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-common-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-aa64-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-ia32-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-ia32-cdboot-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-ia32-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-x64-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-x64-cdboot-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-efi-x64-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-pc-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-pc-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-ppc-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-ppc64-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-ppc64le-modules-2.02-0.86.el7_8.noarch.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-tools-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-tools-extra-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update grub2-tools-minimal-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update mokutil-15-7.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-ia32-15-7.el7_8.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-unsigned-ia32-15-7.el7_9.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-unsigned-x64-15-7.el7_9.x86_64.rpmLinux
(RHSA-2020:3217) grub2 security and bug fix update shim-x64-15-7.el7_8.x86_64.rpmLinux
SUSE-SU-2020:2305-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-2.02-12.39.1.x86_64.rpmLinux
SUSE-SU-2020:2305-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-debuginfo-2.02-12.39.1.x86_64.rpmLinux
SUSE-SU-2020:2305-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-debugsource-2.02-12.39.1.x86_64.rpmLinux
SUSE-SU-2020:2305-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-i386-pc-2.02-12.39.1.x86_64.rpmLinux
SUSE-SU-2020:2305-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-snapper-plugin-2.02-12.39.1.noarch.rpmLinux
SUSE-SU-2020:2305-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-systemd-sleep-plugin-2.02-12.39.1.noarch.rpmLinux
SUSE-SU-2020:2305-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-x86_64-efi-2.02-12.39.1.x86_64.rpmLinux
SUSE-SU-2020:2305-1(SUSE Linux Enterprise Server 12-SP5 ) grub2-x86_64-xen-2.02-12.39.1.noarch.rpmLinux
Grub2-efi-ia32 update (ELSA-2020-5786) grub2-efi-ia32-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-efi-ia32-cdboot update (ELSA-2020-5786) grub2-efi-ia32-cdboot-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-efi-x64 update (ELSA-2020-5786) grub2-efi-x64-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-efi-x64-cdboot update (ELSA-2020-5786) grub2-efi-x64-cdboot-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-pc update (ELSA-2020-5786) grub2-pc-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools update (ELSA-2020-5786) grub2-tools-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools-efi update (ELSA-2020-5786) grub2-tools-efi-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools-extra update (ELSA-2020-5786) grub2-tools-extra-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-tools-minimal update (ELSA-2020-5786) grub2-tools-minimal-2.02-82.0.2.el8_2.1.x86_64.rpmLinux
Grub2-common update (ELSA-2020-5786) grub2-common-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-efi-aa64-modules update (ELSA-2020-5786) grub2-efi-aa64-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-efi-ia32-modules update (ELSA-2020-5786) grub2-efi-ia32-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-efi-x64-modules update (ELSA-2020-5786) grub2-efi-x64-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
Grub2-pc-modules update (ELSA-2020-5786) grub2-pc-modules-2.02-82.0.2.el8_2.1.noarch.rpmLinux
(RHSA-2020:3217)Moderate: security and bug fix update fwupdate-debuginfo-12-6.el7_8.x86_64.rpmLinux
(RHSA-2020:3217)Moderate: security and bug fix update grub2-debuginfo-2.02-0.86.el7_8.x86_64.rpmLinux
(RHSA-2020:3217)Moderate: security and bug fix update mokutil-debuginfo-15-7.el7_8.x86_64.rpmLinux
Improper Verification of Cryptographic Signature Vulnerability (CVE-2020-15705)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234