CVE-2020-15705: GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim
First published: Mon Jul 27 2020(Updated: )
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/fwupdate | <0:12-6.el7_8 | 0:12-6.el7_8 |
| redhat/grub2 | <1:2.02-0.86.el7_8 | 1:2.02-0.86.el7_8 |
| redhat/shim | <0:15-7.el7_9 | 0:15-7.el7_9 |
| redhat/shim-signed | <0:15-7.el7_8 | 0:15-7.el7_8 |
| redhat/grub2 | <1:2.02-0.86.el7_2 | 1:2.02-0.86.el7_2 |
| redhat/shim | <0:15-8.el7 | 0:15-8.el7 |
| redhat/shim-signed | <0:15-8.el7_2 | 0:15-8.el7_2 |
| redhat/grub2 | <1:2.02-0.86.el7 | 1:2.02-0.86.el7 |
| redhat/shim-signed | <0:15-8.el7_3 | 0:15-8.el7_3 |
| redhat/fwupdate | <0:9-10.el7_4 | 0:9-10.el7_4 |
| redhat/grub2 | <1:2.02-0.86.el7_4 | 1:2.02-0.86.el7_4 |
| redhat/shim-signed | <0:15-8.el7_4 | 0:15-8.el7_4 |
| redhat/fwupdate | <0:12-6.el7_6 | 0:12-6.el7_6 |
| redhat/grub2 | <1:2.02-0.86.el7_6 | 1:2.02-0.86.el7_6 |
| redhat/shim-signed | <0:15-8.el7_6 | 0:15-8.el7_6 |
| redhat/fwupdate | <0:12-6.el7_7 | 0:12-6.el7_7 |
| redhat/grub2 | <1:2.02-0.86.el7_7 | 1:2.02-0.86.el7_7 |
| redhat/shim-signed | <0:15-8.el7_7 | 0:15-8.el7_7 |
| redhat/fwupd | <0:1.1.4-7.el8_2 | 0:1.1.4-7.el8_2 |
| redhat/grub2 | <1:2.02-87.el8_2 | 1:2.02-87.el8_2 |
| redhat/shim | <0:15-14.el8_2 | 0:15-14.el8_2 |
| redhat/shim-unsigned-x64 | <0:15-7.el8 | 0:15-7.el8 |
| redhat/fwupd | <0:1.1.4-2.el8_0 | 0:1.1.4-2.el8_0 |
| redhat/grub2 | <1:2.02-87.el8_0 | 1:2.02-87.el8_0 |
| redhat/shim | <0:15-14.el8_0 | 0:15-14.el8_0 |
| redhat/fwupd | <0:1.1.4-2.el8_1 | 0:1.1.4-2.el8_1 |
| redhat/grub2 | <1:2.02-87.el8_1 | 1:2.02-87.el8_1 |
| redhat/shim | <0:15-14.el8_1 | 0:15-14.el8_1 |
| redhat/grub | <2.06 | 2.06 |
| debian/grub2 | 2.06-3~deb11u6 2.06-13+deb12u1 2.12-5 | |
| GRUB 2 | <=2.04 | |
| Red Hat Enterprise Linux Atomic Host | ||
| redhat openshift container platform | =4.0 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =20.04 | |
| Debian GNU/Linux | =10.0 | |
| openSUSE | =15.1 | |
| openSUSE | =15.2 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| SUSE Linux Enterprise Server | =11 | |
| SUSE Linux Enterprise Server | =12 | |
| SUSE Linux Enterprise Server | =15 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 10 | =1803 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =1903 | |
| Microsoft Windows 10 | =1909 | |
| Microsoft Windows 10 | =2004 | |
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server 2012 x64 | ||
| Microsoft Windows Server 2012 x64 | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =1903 | |
| Microsoft Windows Server 2016 | =1909 | |
| Microsoft Windows Server 2016 | =2004 | |
| Microsoft Windows Server 2019 | ||
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =20.04 | |
| Debian | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-15705 https://nvd.nist.gov/vuln/detail/CVE-2020-15705
- https://bugzilla.redhat.com/show_bug.cgi?id=1860978
- https://access.redhat.com/errata/RHSA-2020:3217
- https://access.redhat.com/errata/RHSA-2020:3273
- https://access.redhat.com/errata/RHSA-2020:3276
- https://access.redhat.com/errata/RHSA-2020:3275
- https://access.redhat.com/errata/RHSA-2020:3271
- https://access.redhat.com/errata/RHSA-2020:3274
- https://access.redhat.com/errata/RHSA-2020:3216
- https://access.redhat.com/errata/RHSA-2020:3227
- https://access.redhat.com/errata/RHSA-2020:3223
- https://access.redhat.com/security/cve/cve-2020-15705
- https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
- https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
- https://www.openwall.com/lists/oss-security/2020/07/29/3
- https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot
- http://www.openwall.com/lists/oss-security/2020/07/29/3
- https://access.redhat.com/security/vulnerabilities/grub2bootloader
- https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
- https://www.suse.com/support/kb/doc/?id=000019673
- http://ubuntu.com/security/notices/USN-4432-1
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
- https://security.netapp.com/advisory/ntap-20200731-0008/
- https://usn.ubuntu.com/4432-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html
- http://www.openwall.com/lists/oss-security/2021/03/02/3
- https://security.gentoo.org/glsa/202104-05
- http://www.openwall.com/lists/oss-security/2021/09/17/2
- http://www.openwall.com/lists/oss-security/2021/09/17/4
- http://www.openwall.com/lists/oss-security/2021/09/21/1
- https://launchpad.net/bugs/cve/CVE-2020-15705
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1863021
- https://security-tracker.debian.org/tracker/CVE-2020-15705
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15705
- https://nvd.nist.gov/vuln/detail/CVE-2020-15705
- https://ubuntu.com/security/CVE-2020-15705
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-15705.
What is the severity of CVE-2020-15705?
The severity of CVE-2020-15705 is medium (6.4).
Which systems are affected by this vulnerability?
This vulnerability affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim.
How can this vulnerability be exploited?
This vulnerability allows secure boot to be bypassed by failing to validate kernel signature when booted directly without shim.
Where can I find more information about CVE-2020-15705?
You can find more information about CVE-2020-15705 on the Red Hat website (https://access.redhat.com/security/cve/cve-2020-15705).
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-15705
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- agent/title
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/gnu
- canonical/grub 2
- version/grub 2/2.04
- vendor/redhat
- canonical/red hat enterprise linux atomic host
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/14.04
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- version/ubuntu linux/20.04
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/10.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1
- version/opensuse/15.2
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11
- version/suse linux enterprise server/12
- version/suse linux enterprise server/15
- vendor/microsoft
- canonical/microsoft windows 10
- version/microsoft windows 10/1607
- version/microsoft windows 10/1709
- version/microsoft windows 10/1803
- version/microsoft windows 10/1809
- version/microsoft windows 10/1903
- version/microsoft windows 10/1909
- version/microsoft windows 10/2004
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt
- canonical/microsoft windows server 2012 x64
- version/microsoft windows server 2012 x64/r2
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/1903
- version/microsoft windows server 2016/1909
- version/microsoft windows server 2016/2004
- canonical/microsoft windows server 2019
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/20.04
- canonical/debian
- version/debian/10.0