CVE-2020-15705

GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim

Severity Score

6.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

GRUB2 presenta un fallo al comprobar la firma del kernel cuando se inicia directamente sin cuña, permitiendo que el arranque seguro sea omitido. Esto solo afecta a los sistemas en los que el certificado de firma del kernel ha sido importado directamente a la base de datos de arranque seguro y la imagen de GRUB es iniciada directamente sin el uso de cuña. Este problema afecta a GRUB2 versiones 2.04 y versiones anteriores

*Credits: Mathieu Trudel-Lapierre

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-07-14 CVE Reserved
2020-07-29 CVE Published
2024-08-22 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-347: Improper Verification of Cryptographic Signature
CWE-440: Expected Behavior Violation

CAPEC

References (22)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2020/07/29/3	Mailing List
http://www.openwall.com/lists/oss-security/2021/03/02/3	Mailing List
http://www.openwall.com/lists/oss-security/2021/09/17/2	Mailing List
http://www.openwall.com/lists/oss-security/2021/09/17/4	Mailing List
http://www.openwall.com/lists/oss-security/2021/09/21/1	Mailing List
https://security.netapp.com/advisory/ntap-20200731-0008	Third Party Advisory
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot	Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/07/29/3	Mailing List

URL	Date	SRC

URL	Date	SRC
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011	2022-04-18

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html	2022-04-18
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html	2022-04-18
http://ubuntu.com/security/notices/USN-4432-1	2022-04-18
https://access.redhat.com/security/vulnerabilities/grub2bootloader	2022-04-18
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html	2022-04-18
https://security.gentoo.org/glsa/202104-05	2022-04-18
https://usn.ubuntu.com/4432-1	2022-04-18
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass	2022-04-18
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot	2022-04-18
https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue	2022-04-18
https://www.suse.com/support/kb/doc/?id=000019673	2022-04-18
https://access.redhat.com/security/cve/CVE-2020-15705	2020-08-03
https://bugzilla.redhat.com/show_bug.cgi?id=1860978	2020-08-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Grub2 Search vendor "Gnu" for product "Grub2"				<= 2.04 Search vendor "Gnu" for product "Grub2" and version " <= 2.04"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Atomic Host Search vendor "Redhat" for product "Enterprise Linux Atomic Host"				-		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				4.0 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04"		lts		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.2 Search vendor "Opensuse" for product "Leap" and version "15.2"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		-		Affected
Suse Search vendor "Suse"		Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server"				11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11"		-		Affected
Suse Search vendor "Suse"		Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server"				12 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "12"		-		Affected
Suse Search vendor "Suse"		Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server"				15 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "15"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1607 Search vendor "Microsoft" for product "Windows 10" and version "1607"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1709 Search vendor "Microsoft" for product "Windows 10" and version "1709"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1803 Search vendor "Microsoft" for product "Windows 10" and version "1803"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1809 Search vendor "Microsoft" for product "Windows 10" and version "1809"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1903 Search vendor "Microsoft" for product "Windows 10" and version "1903"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1909 Search vendor "Microsoft" for product "Windows 10" and version "1909"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				2004 Search vendor "Microsoft" for product "Windows 10" and version "2004"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Rt 8.1 Search vendor "Microsoft" for product "Windows Rt 8.1"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012"				r2 Search vendor "Microsoft" for product "Windows Server 2012" and version "r2"		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016"				1903 Search vendor "Microsoft" for product "Windows Server 2016" and version "1903"		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016"				1909 Search vendor "Microsoft" for product "Windows Server 2016" and version "1909"		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016"				2004 Search vendor "Microsoft" for product "Windows Server 2016" and version "2004"		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2019 Search vendor "Microsoft" for product "Windows Server 2019"				-		-		Affected