CVE-2020-15707: GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.
First published: Wed Jul 29 2020(Updated: )
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/fwupdate | <0:12-6.el7_8 | 0:12-6.el7_8 |
| redhat/grub2 | <1:2.02-0.86.el7_8 | 1:2.02-0.86.el7_8 |
| redhat/shim | <0:15-7.el7_9 | 0:15-7.el7_9 |
| redhat/shim-signed | <0:15-7.el7_8 | 0:15-7.el7_8 |
| redhat/grub2 | <1:2.02-0.86.el7 | 1:2.02-0.86.el7 |
| redhat/shim | <0:15-8.el7 | 0:15-8.el7 |
| redhat/shim-signed | <0:15-8.el7_3 | 0:15-8.el7_3 |
| redhat/fwupdate | <0:9-10.el7_4 | 0:9-10.el7_4 |
| redhat/grub2 | <1:2.02-0.86.el7_4 | 1:2.02-0.86.el7_4 |
| redhat/shim-signed | <0:15-8.el7_4 | 0:15-8.el7_4 |
| redhat/fwupdate | <0:12-6.el7_6 | 0:12-6.el7_6 |
| redhat/grub2 | <1:2.02-0.86.el7_6 | 1:2.02-0.86.el7_6 |
| redhat/shim-signed | <0:15-8.el7_6 | 0:15-8.el7_6 |
| redhat/fwupdate | <0:12-6.el7_7 | 0:12-6.el7_7 |
| redhat/grub2 | <1:2.02-0.86.el7_7 | 1:2.02-0.86.el7_7 |
| redhat/shim-signed | <0:15-8.el7_7 | 0:15-8.el7_7 |
| redhat/fwupd | <0:1.1.4-7.el8_2 | 0:1.1.4-7.el8_2 |
| redhat/grub2 | <1:2.02-87.el8_2 | 1:2.02-87.el8_2 |
| redhat/shim | <0:15-14.el8_2 | 0:15-14.el8_2 |
| redhat/shim-unsigned-x64 | <0:15-7.el8 | 0:15-7.el8 |
| redhat/fwupd | <0:1.1.4-2.el8_0 | 0:1.1.4-2.el8_0 |
| redhat/grub2 | <1:2.02-87.el8_0 | 1:2.02-87.el8_0 |
| redhat/shim | <0:15-14.el8_0 | 0:15-14.el8_0 |
| redhat/fwupd | <0:1.1.4-2.el8_1 | 0:1.1.4-2.el8_1 |
| redhat/grub2 | <1:2.02-87.el8_1 | 1:2.02-87.el8_1 |
| redhat/shim | <0:15-14.el8_1 | 0:15-14.el8_1 |
| redhat/grub | <2.06 | 2.06 |
| debian/grub2 | 2.06-3~deb11u6 2.06-13+deb12u1 2.12-5 | |
| GRUB 2 | <=2.04 | |
| Red Hat Enterprise Linux Atomic Host | ||
| redhat openshift container platform | =4.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 10 | =1803 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =1903 | |
| Microsoft Windows 10 | =1909 | |
| Microsoft Windows 10 | =2004 | |
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server 2012 x64 | ||
| Microsoft Windows Server 2012 x64 | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =1903 | |
| Microsoft Windows Server 2016 | =1909 | |
| Microsoft Windows Server 2016 | =2004 | |
| Microsoft Windows Server 2019 | ||
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =20.04 | |
| Debian GNU/Linux | =10.0 | |
| openSUSE | =15.1 | |
| openSUSE | =15.2 | |
| SUSE Linux Enterprise Server | =11 | |
| SUSE Linux Enterprise Server | =12 | |
| SUSE Linux Enterprise Server | =15 | |
| NetApp Active IQ Unified Manager for VMware vSphere | >=9.5 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =20.04 | |
| Debian | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-15707 https://nvd.nist.gov/vuln/detail/CVE-2020-15707
- https://bugzilla.redhat.com/show_bug.cgi?id=1861581
- https://access.redhat.com/errata/RHSA-2020:3217
- https://access.redhat.com/errata/RHSA-2020:3276
- https://access.redhat.com/errata/RHSA-2020:3275
- https://access.redhat.com/errata/RHSA-2020:3271
- https://access.redhat.com/errata/RHSA-2020:3274
- https://access.redhat.com/errata/RHSA-2020:3216
- https://access.redhat.com/errata/RHSA-2020:3227
- https://access.redhat.com/errata/RHSA-2020:3223
- https://access.redhat.com/security/cve/cve-2020-15707
- https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
- https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
- https://www.openwall.com/lists/oss-security/2020/07/29/3
- https://www.debian.org/security/2020/dsa-4735
- https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot
- http://www.openwall.com/lists/oss-security/2020/07/29/3
- https://access.redhat.com/security/vulnerabilities/grub2bootloader
- https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
- https://www.suse.com/support/kb/doc/?id=000019673
- http://ubuntu.com/security/notices/USN-4432-1
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
- https://security.netapp.com/advisory/ntap-20200731-0008/
- https://usn.ubuntu.com/4432-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
- https://security.gentoo.org/glsa/202104-05
- https://launchpad.net/bugs/cve/CVE-2020-15707
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1863025
- https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
- https://security-tracker.debian.org/tracker/CVE-2020-15707
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707
- https://nvd.nist.gov/vuln/detail/CVE-2020-15707
- https://ubuntu.com/security/CVE-2020-15707
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-15707?
CVE-2020-15707 has a high severity rating due to its potential to cause heap-based buffer overflows.
How do I fix CVE-2020-15707?
To fix CVE-2020-15707, update affected packages such as grub2 to the recommended versions provided by your distribution.
Which products are affected by CVE-2020-15707?
CVE-2020-15707 affects various systems using GRUB2, including Debian, Red Hat, and Ubuntu distributions.
What types of vulnerabilities does CVE-2020-15707 involve?
CVE-2020-15707 involves integer overflows that can lead to heap-based buffer overflow vulnerabilities.
Is there a known exploit for CVE-2020-15707?
As of now, specific exploits for CVE-2020-15707 have not been publicly disclosed, but the vulnerability itself poses a significant risk.
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-15707
- agent/software-canonical-lookup
- agent/weakness
- collector/security-tracker-debian
- source/Debian
- agent/title
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/gnu
- canonical/grub 2
- version/grub 2/2.04
- vendor/redhat
- canonical/red hat enterprise linux atomic host
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- vendor/microsoft
- canonical/microsoft windows 10
- version/microsoft windows 10/1607
- version/microsoft windows 10/1709
- version/microsoft windows 10/1803
- version/microsoft windows 10/1809
- version/microsoft windows 10/1903
- version/microsoft windows 10/1909
- version/microsoft windows 10/2004
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt
- canonical/microsoft windows server 2012 x64
- version/microsoft windows server 2012 x64/r2
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/1903
- version/microsoft windows server 2016/1909
- version/microsoft windows server 2016/2004
- canonical/microsoft windows server 2019
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/14.04
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- version/ubuntu linux/20.04
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/10.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1
- version/opensuse/15.2
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11
- version/suse linux enterprise server/12
- version/suse linux enterprise server/15
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- version/netapp active iq unified manager for vmware vsphere/9.5
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/20.04
- canonical/debian
- version/debian/10.0