CVE-2020-14372
grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
Se encontró un fallo en grub2 en versiones anteriores a 2.06, donde habilita incorrectamente el uso del comando ACPI cuando Secure Boot está habilitado. Este fallo permite a un atacante con acceso privilegiado diseñar un Secondary System Description Table (SSDT) ??que contiene código para sobrescribir el contenido de la variable de bloqueo del kernel de Linux directamente en la memoria. El kernel carga y ejecuta aún más la tabla, anulando su bloqueo de Secure Boot y permite a un atacante cargar código sin firmar. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, así como la disponibilidad del sistema
A flaw was found in GRUB 2, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The kernel further loads and executes the table, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-17 CVE Reserved
- 2021-03-03 CVE Published
- 2021-05-22 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-184: Incomplete List of Disallowed Inputs
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20210416-0004 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/kukrimate/CVE-2020-14372 | 2021-05-22 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/vulnerabilities/RHSB-2021-003 | 2021-09-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gnu Search vendor "Gnu" | Grub2 Search vendor "Gnu" for product "Grub2" | < 2.06 Search vendor "Gnu" for product "Grub2" and version " < 2.06" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.2" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.2" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 8.1 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "8.1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.2" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
|