CVE-2020-15705

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Published: Jul 29, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-15705
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.4
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-347

Affected Software
References

Software	From	Fixed in
gnu / grub2	-	2.04.x
redhat / enterprise_linux	7.0	7.0.x
canonical / ubuntu_linux	16.04	16.04.x
debian / debian_linux	10.0	10.0.x
canonical / ubuntu_linux	18.04	18.04.x
suse / suse_linux_enterprise_server	11	11.x
suse / suse_linux_enterprise_server	12	12.x
suse / suse_linux_enterprise_server	15	15.x
canonical / ubuntu_linux	14.04	14.04.x
redhat / enterprise_linux	8.0	8.0.x
opensuse / leap	15.1	15.1.x
redhat / openshift_container_platform	4.0	4.0.x
canonical / ubuntu_linux	20.04	20.04.x
opensuse / leap	15.2	15.2.x
microsoft / windows_server_2012	r2	r2.x
microsoft / windows_10	1607	1607.x
microsoft / windows_10	1709	1709.x
microsoft / windows_10	1803	1803.x
microsoft / windows_10	1809	1809.x
microsoft / windows_server_2016	1903	1903.x
microsoft / windows_10	1903	1903.x
microsoft / windows_server_2016	1909	1909.x
microsoft / windows_10	1909	1909.x
microsoft / windows_10	2004	2004.x
microsoft / windows_server_2016	2004	2004.x

Vulnerability Database

289,599

CVE-2020-15705