Vulnerability CVE-2020-15705: Information

Description

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Severity: MEDIUM (6.4) Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Published: July 29, 2020
Modified: April 18, 2022
Weakness type identifier: CWE-347

Fixed packages

| Package name | Branch | Fixed in version | Version in repository | Errata ID | Task No. | Status |
|---|---|---|---|---|---|---|
| grub | sisyphus | 2.04-alt1 | 2.06-alt19 | ALT-PU-2020-3534-1 | 261809 | Fixed |
| grub | sisyphus_riscv64 | 2.06-alt0.5.rv64.3 | 2.06-alt0.5.rv64.3 | ALT-PU-2022-4067-1 | - | Fixed |
| grub | p10 | 2.04-alt1 | 2.06-alt17 | ALT-PU-2020-3534-1 | 261809 | Fixed |
| grub | c10f1 | 2.04-alt1 | 2.06-alt7 | ALT-PU-2020-3534-1 | 261809 | Fixed |
| grub | c9f2 | 2.06-alt4 | 2.06-alt4 | ALT-PU-2021-3464-1 | 291032 | Fixed |
| grub | p11 | 2.04-alt1 | 2.06-alt19 | ALT-PU-2020-3534-1 | 261809 | Fixed |

References to advisories, solutions, and tools

Link
Resource
https://www.suse.com/support/kb/doc/?id=000019673
  • Third Party Advisory
http://ubuntu.com/security/notices/USN-4432-1
  • Third Party Advisory
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
  • Issue Tracking
  • Vendor Advisory
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
  • Third Party Advisory
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot
  • Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
  • Patch
  • Third Party Advisory
  • Vendor Advisory
https://access.redhat.com/security/vulnerabilities/grub2bootloader
  • Third Party Advisory
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
  • Third Party Advisory
https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
  • Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/07/29/3
  • Mailing List
  • Third Party Advisory
[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities
  • Mailing List
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20200731-0008/
  • Third Party Advisory
USN-4432-1
  • Third Party Advisory
openSUSE-SU-2020:1280
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2020:1282
  • Mailing List
  • Third Party Advisory
[oss-security] 20210302 Multiple GRUB2 vulnerabilities
  • Mailing List
  • Third Party Advisory
GLSA-202104-05
  • Third Party Advisory
[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list
  • Mailing List
  • Third Party Advisory
[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list
  • Mailing List
  • Third Party Advisory
[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list
  • Mailing List
  • Third Party Advisory
      Configuration 1

      cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*
      End including: 2.04

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

      cpe:2.3:o:suse:suse_linux_enterprise_server:11:*:*:*:*:*:*:*

      cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*

      cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*

      cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

      cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*

      cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*