ID SUSE_SU-2020-2627-1.NASL Type nessus Reporter This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-12-09T00:00:00
Description
This update for shim fixes the following issues :
Update to the unified shim binary from SUSE Linux Enterprise 15-SP1
(bsc#1168994)
This update addresses the 'BootHole' security issue (master CVE
CVE-2020-10713), by disallowing binaries signed by the previous SUSE
UEFI signing key from booting.
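This update should only be installed after updates of grub2, the Linux
kernel and (if used) Xen from July / August 2020 are applied; because the
new shim no longer lets binaries signed by the previous SUSE UEFI signing
key boot, installing it first could leave a Secure Boot system unable to start.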
Additional fixes :
shim-install: install MokManager to \EFI\boot to process the pending
MOK request (bsc#1175626, bsc#1175656)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:2627-1.
# The text itself is copyright (C) SUSE.
#
include("compat.inc");
# Registration phase: when the scanner sets `description`, the plugin only
# records its metadata and leaves through the exit(0) at the end of this block,
# so none of the host checks further down run in this mode.
if (description)
{
script_id(143790);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/13");
# The finding is tagged with the GRUB2 'BootHole' CVE although the package
# tested is shim: per the description text below, the shim update is the part
# that stops binaries signed by the previous SUSE UEFI signing key from booting.
script_cve_id("CVE-2020-10713");
script_name(english:"SUSE SLES12 Security Update : shim (SUSE-SU-2020:2627-1)");
# The summary states the detection method: a package-version comparison on rpm
# output, not an inspection of the firmware or boot configuration.
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
# Advisory text, reproduced as a runtime string. It carries an ordering
# requirement (grub2, kernel and Xen updates first). The package test later in
# this file looks at shim alone, so its result says nothing about whether those
# prerequisite updates are in place.
script_set_attribute(
attribute:"description",
value:
"This update for shim fixes the following issues :
Update to the unified shim binary from SUSE Linux Enterprise 15-SP1
(bsc#1168994)
This update addresses the 'BootHole' security issue (master CVE
CVE-2020-10713), by disallowing binaries signed by the previous SUSE
UEFI signing key from booting.
This update should only be installed after updates of grub2, the Linux
kernel and (if used) Xen from July / August 2020 are applied.
Additional fixes :
shim-install: install MokManager to \EFI\boot to process the pending
MOK request (bsc#1175626, bsc#1175656)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# Reference links: three SUSE Bugzilla entries, the SUSE CVE page and the
# vendor announcement.
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1168994"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1175626"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1175656"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2020-10713/"
);
# The value registered next is a shortened link served over plain http;
# presumably it redirects to the announcement URL in the comment below - confirm.
# https://www.suse.com/support/update/announcement/2020/suse-su-20202627-1
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?96a94024"
);
# Remediation text: one zypper patch name per affected product line.
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE OpenStack Cloud Crowbar 9 :
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2627=1
SUSE OpenStack Cloud Crowbar 8 :
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2627=1
SUSE OpenStack Cloud 9 :
zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2627=1
SUSE OpenStack Cloud 8 :
zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2627=1
SUSE Linux Enterprise Server for SAP 12-SP4 :
zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2627=1
SUSE Linux Enterprise Server for SAP 12-SP3 :
zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2627=1
SUSE Linux Enterprise Server 12-SP5 :
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2627=1
SUSE Linux Enterprise Server 12-SP4-LTSS :
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2627=1
SUSE Linux Enterprise Server 12-SP3-LTSS :
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2627=1
SUSE Linux Enterprise Server 12-SP3-BCL :
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2627=1
SUSE Enterprise Storage 5 :
zypper in -t patch SUSE-Storage-5-2020-2627=1
HPE Helion Openstack 8 :
zypper in -t patch HPE-Helion-OpenStack-8-2020-2627=1"
);
# Severity data. Both base vectors describe a local attack (AV:L); the v3
# vector additionally requires high privileges (PR:H) and marks a scope change
# (S:C). The temporal vectors carry E:U, in line with the exploitability_ease
# string registered right after them.
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
# "local" plugin type plus the CPE names for the shim package and SUSE Linux 12.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:shim");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
# Timeline: vulnerability published 2020/07/30, SUSE patch 2020/09/14, this
# plugin 2020/12/09.
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/30");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/12/09");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
# Scheduling: ssh_get_info.nasl is declared as a dependency and the four KB
# keys below must exist before the check runs; presumably that dependency fills
# them from a credentialed login - confirm. Host/SuSE/patchlevel is read by the
# check as well but is not listed here.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
# Leave registration mode without running any host check.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host check. Every input is read from the scanner knowledge base (KB), and the
# code relies on audit() (audit.inc) not returning once a precondition fails.
# The verdict rests on the cached rpm list for the shim package only: Secure
# Boot state, the binary actually present on the EFI system partition, and the
# grub2 / kernel / Xen prerequisites named in the advisory are not examined.

# Local checks have to be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Accept only SLED / SLES release strings, then narrow to exactly SLES12.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)")
{
  audit(AUDIT_OS_NOT, "SUSE");
}

os_match = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_match))
{
  audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
}
os_ver = os_match[1];

if (! preg(pattern:"^(SLES12)$", string:os_ver))
{
  audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
}

# Without a cached package list there is nothing to compare against.
if (!get_kb_item("Host/SuSE/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture gate, in two steps.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
# Step 1: cpu must look like i386-i686 or contain "x86_64" or "s390x".
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu)
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
}
# Step 2: the operands are the other way round here, so this asks whether cpu
# is a substring of "x86_64" rather than the reverse. After step 1 only a cpu
# value of exactly "x86_64" gets past it.
if (cpu >!< "x86_64")
{
  audit(AUDIT_ARCH_NOT, "x86_64", cpu);
}

# Service pack: a missing patchlevel entry is treated as "0", which the
# SP3/4/5 filter below then rejects.
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp))
{
  sp = "0";
}
if (os_ver == "SLES12" && (! preg(pattern:"^(3|4|5)$", string:sp)))
{
  audit(AUDIT_OS_NOT, "SLES12 SP3/4/5", os_ver + " SP" + sp);
}

# Same reference package for each covered service pack, tried in the order
# SP4, SP3, SP5. Each true result from rpm_check (rpm.inc) is counted;
# presumably true means the installed shim is older than the reference - confirm.
missing_count = 0;
foreach sp_level (make_list("4", "3", "5"))
{
  if (rpm_check(release:"SLES12", sp:sp_level, cpu:"x86_64", reference:"shim-15+git47-25.11.1"))
  {
    missing_count++;
  }
}

if (!missing_count)
{
  # Nothing counted: distinguish "shim was tested and not affected" from
  # "no shim package was tested at all".
  checked_pkgs = pkg_tests_get();
  if (checked_pkgs)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "shim");
  }
}
else
{
  # At least one hit: raise the finding on port 0, attaching the rpm report
  # only when report verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:rpm_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}
{"id": "SUSE_SU-2020-2627-1.NASL", "bulletinFamily": "scanner", "title": "SUSE SLES12 Security Update : shim (SUSE-SU-2020:2627-1)", "description": "This update for shim fixes the following issues :\n\nUpdate to the unified shim binary from SUSE Linux Enterprise 15-SP1\n(bsc#1168994)\n\nThis update addresses the 'BootHole' security issue (master CVE\nCVE-2020-10713), by disallowing binaries signed by the previous SUSE\nUEFI signing key from booting.\n\nThis update should only be installed after updates of grub2, the Linux\nkernel and (if used) Xen from July / August 2020 are applied.\n\nAdditional fixes :\n\nshim-install: install MokManager to \\EFI\\boot to process the pending\nMOK request (bsc#1175626, bsc#1175656)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2020-12-09T00:00:00", "modified": "2020-12-09T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/143790", "reporter": "This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=1175626", "https://www.suse.com/security/cve/CVE-2020-10713/", "https://bugzilla.suse.com/show_bug.cgi?id=1168994", "http://www.nessus.org/u?96a94024", "https://bugzilla.suse.com/show_bug.cgi?id=1175656"], "cvelist": ["CVE-2020-10713"], "type": "nessus", "lastseen": "2021-01-14T06:30:10", "edition": 3, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-10713"]}, {"type": "attackerkb", "idList": ["AKB:D179C673-BB99-4F4C-9D19-8FF081A85C1F"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:4DA175A5FB10CC3E64B58AB0536688A4"]}, {"type": "cisa", "idList": ["CISA:4CA744242533EA980240D07CC5A48867"]}, {"type": "lenovo", "idList": ["LENOVO:PS500336-NOSID", "LENOVO:PS500336-GRUB2-VULNERABILITY-AKA-BOOT-HOLE-NOSID"]}, {"type": "cisco", "idList": ["CISCO-SA-GRUB2-CODE-EXEC-XLEPCAPY"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200923-01-GRUB2"]}, {"type": "hp", "idList": ["HP:C06707446"]}, {"type": "thn", "idList": ["THN:885767C284ED14ED2B32F6713F9AA21F"]}, {"type": "nessus", "idList": ["EULEROS_SA-2020-1833.NASL", "EULEROS_SA-2020-2184.NASL", "EULEROS_SA-2020-1891.NASL", "EULEROS_SA-2020-1965.NASL", "SUSE_SU-2020-2628-1.NASL", "EULEROS_SA-2020-1946.NASL", "SUSE_SU-2020-2629-1.NASL", "EULEROS_SA-2020-1834.NASL", "EULEROS_SA-2020-2462.NASL", "EULEROS_SA-2020-1832.NASL"]}, {"type": "cert", "idList": ["VU:174059"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5782", "ELSA-2020-3220", "ELSA-2020-3218", "ELSA-2020-5790", "ELSA-2020-5786", "ELSA-2020-4436"]}, {"type": "redhat", "idList": ["RHSA-2020:3219", "RHSA-2020:3218", "RHSA-2020:4115", "RHSA-2020:3230", "RHSA-2020:3224", "RHSA-2020:3232", "RHSA-2020:3228", "RHSA-2020:3221", "RHSA-2020:4172", "RHSA-2020:3226"]}, {"type": "threatpost", "idList": ["THREATPOST:D2BB5A9DDB021A7E256A4E0D8A6BDA55"]}, {"type": "centos", "idList": ["CESA-2020:3217", "CESA-2020:3220"]}, {"type": "suse", "idList": 
["OPENSUSE-SU-2020:1168-1", "OPENSUSE-SU-2020:1169-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4735-1:A9183"]}, {"type": "fedora", "idList": ["FEDORA:574BC3099D0A", "FEDORA:1FF6B30C5606"]}, {"type": "ubuntu", "idList": ["USN-4432-1", "USN-4432-2"]}, {"type": "mscve", "idList": ["MS:ADV200011"]}], "modified": "2021-01-14T06:30:10", "rev": 2}, "score": {"value": 3.8, "vector": "NONE", "modified": "2021-01-14T06:30:10", "rev": 2}, "vulnersScore": 3.8}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2627-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143790);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-10713\");\n\n script_name(english:\"SUSE SLES12 Security Update : shim (SUSE-SU-2020:2627-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for shim fixes the following issues :\n\nUpdate to the unified shim binary from SUSE Linux Enterprise 15-SP1\n(bsc#1168994)\n\nThis update addresses the 'BootHole' security issue (master CVE\nCVE-2020-10713), by disallowing binaries signed by the previous SUSE\nUEFI signing key from booting.\n\nThis update should only be installed after updates of grub2, the Linux\nkernel and (if used) Xen from July / August 2020 are applied.\n\nAdditional fixes :\n\nshim-install: install MokManager to \\EFI\\boot to process the pending\nMOK request (bsc#1175626, bsc#1175656)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10713/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202627-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96a94024\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2627=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2627=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2627=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2627=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2627=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2627=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2627=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2627=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2627=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch 
SUSE-SLE-SERVER-12-SP3-BCL-2020-2627=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2627=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2627=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:shim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"shim-15+git47-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"shim-15+git47-25.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"shim-15+git47-25.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"shim\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "143790", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:shim"], "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "scheme": null}
{"cve": [{"lastseen": "2021-02-02T07:36:55", "description": "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "edition": 13, "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-30T13:15:00", "title": "CVE-2020-10713", "type": "cve", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713"], "modified": "2020-10-19T21:15:00", "cpe": [], "id": "CVE-2020-10713", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10713", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "attackerkb": [{"lastseen": "2020-11-18T06:38:55", "bulletinFamily": "info", "cvelist": ["CVE-2020-10173", "CVE-2020-10713"], "description": "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\n \n**Recent assessments:** \n \n**busterb** at August 05, 2020 6:48pm UTC reported:\n\nIf you actually have a working Secure Boot installation in the first place and rely on it, yes this is a problem.\n\nHowever, whether that is true is specific to your environment. Many cloud environments (like AWS), do not support secure boot/UEFI in the first place, so there\u2019s no point to worrying about this; an attacker could just replace your grub binary already, or kernel, or anything else. You\u2019re better off monitoring VM reboots for this kind of attack, and reprovisioning if that happens. Since this is basically a persistence mechanism, it seems like there are lot of other lower-hanging mechanisms that could also work. By the time you\u2019ve bothered getting root or physical access, you could do so much else in the mean time. 
I can\u2019t imagine this being in the top 50 things an attacker would try to do, outside of a supply chain attack of some sort.\n\nAssessed Attacker Value: 2 \nAssessed Attacker Value: 4**zeroSteiner** at July 29, 2020 9:00pm UTC reported:\n\nIf you actually have a working Secure Boot installation in the first place and rely on it, yes this is a problem.\n\nHowever, whether that is true is specific to your environment. Many cloud environments (like AWS), do not support secure boot/UEFI in the first place, so there\u2019s no point to worrying about this; an attacker could just replace your grub binary already, or kernel, or anything else. You\u2019re better off monitoring VM reboots for this kind of attack, and reprovisioning if that happens. Since this is basically a persistence mechanism, it seems like there are lot of other lower-hanging mechanisms that could also work. By the time you\u2019ve bothered getting root or physical access, you could do so much else in the mean time. I can\u2019t imagine this being in the top 50 things an attacker would try to do, outside of a supply chain attack of some sort.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 3\n", "modified": "2020-08-28T00:00:00", "published": "2020-07-30T00:00:00", "id": "AKB:D179C673-BB99-4F4C-9D19-8FF081A85C1F", "href": "https://attackerkb.com/topics/dWtjo8OIK7/cve-2020-10713---boothole", "type": "attackerkb", "title": "CVE-2020-10713 - BootHole", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2020-08-08T10:03:48", "bulletinFamily": "blog", "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "description": "On July 29, 2020, [Eclypsium researchers](<https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>) disclosed a high-risk vulnerability in GRUB2 (GRand Unified Bootloader version 2) affecting billions of Linux and Windows systems, 
even when secure boot is enabled. CVE-2020-10713 is assigned to this buffer overflow vulnerability, termed as \u201cBoothole\u201d.\n\nSuccessful exploitation of the vulnerability requires high privileges or physical access to the device. According to [Eclypsium researchers](<https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>), "attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device." \n\nSecure Boot is designed to verify all the firmware of the computer is trusted. However, CVE-2020-10713 results in total pwn of secure boot in systems using GRUB. The bug resides in GRUB\u2019s inadequate error handling.\n\n##### **Additional Vulnerabilities in GRUB2**\n\nAfter the initial vulnerability report by the Eclypsium team, a number of additional vulnerabilities were discovered by the Canonical security team:\n\n * CVE-2020-14308: Heap-based buffer overflow in grub_malloc\n * CVE-2020-14309: Integer overflow in grub_squash_read_symlink can lead to heap-based overflow\n * CVE-2020-14310: Integer overflow read_section_from_string can lead to heap-based overflow\n * CVE-2020-14311: Integer overflow in grub_ext2_read_link can leads to heap-based buffer overflow\n * CVE-2020-15705: Failure to validate kernel signature when booted without shim\n * CVE-2020-15706: Use-after-free in grub_script_function_create\n * CVE-2020-15707: Integer overflow in initrd size handling\n\n##### **Affected Vendors**\n\nAll operating systems which use GRUB2 with Secure Boot are affected. 
As per [Eclypsium\u2019s report](<https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>), the following vendors are confirmed to be affected:\n\n * [Microsoft](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011>)\n * [UEFI Security Response Team (USRT)](<https://uefi.org/revocationlistfile>)\n * Oracle\n * [Red Hat (Fedora and RHEL)](<https://access.redhat.com/security/vulnerabilities/grub2bootloader>)\n * [Canonical (Ubuntu)](<https://ubuntu.com/blog/mitigating-boothole-theres-a-hole-in-the-boot-cve-2020-10713-and-related-vulnerabilities>)\n * [SuSE (SLES and openSUSE)](<https://www.suse.com/support/update/announcement/2020/suse-su-20202073-1/>)\n * [Debian](<https://lists.debian.org/debian-security-announce/2020/msg00144.html>)\n * Citrix\n * [VMware](<https://kb.vmware.com/s/article/80181>)\n * Various OEMs\n\n### Identification of Assets using Qualys VMDR\n\nThe first step in managing vulnerabilities and reducing risk is identification of assets. [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) enables easy identification of Windows and Linux systems\n\n_`operatingSystem.category1:`Windows` or operatingSystem.category1:`Linux``_\n\n\n\nOnce the hosts are identified, they can be grouped together with a \u2018dynamic tag\u2019, let\u2019s say \u2013 Boothole. This helps in automatically grouping existing hosts with Boothole as well as any new Windows or Linux host that spins up in your environment. Tagging makes these grouped assets available for querying, reporting and management throughout the [Qualys Cloud Platform](<https://www.qualys.com/cloud-platform/>). \n\n#### Discover Boothole CVE-2020-10713 Vulnerability \n\nNow that hosts with Boothole are identified, you want to detect which of these assets have flagged this vulnerability. 
VMDR automatically detects new vulnerabilities like Boothole based on the always updated Knowledgebase.\n\nYou can see all your impacted hosts for this vulnerability tagged with the \u2018Boothole\u2019 asset tag in the vulnerabilities view by using this QQL query:\n\n_`vulnerabilities.vulnerability.qid:[173771, 173770, 173769, 173768, 197967, 177969, 177966, 256935, 256934, 158696, 158695, 158694]`_\n\nThis will return a list of all impacted hosts.\n\n\n\nThese QIDs are included in signature version VULNSIGS-2.4.951-3 and above and can be detected using authenticated scanning or the [Qualys Cloud Agent](<https://www.qualys.com/cloud-agent/>).\n\nUsing VMDR, the Boothole vulnerability can be prioritized for the following real-time threat indicators (RTIs):\n\n * Denial of Service\n * High Data Loss\n * High Lateral Movement\n\n\nVMDR also enables you to stay on top of these threats proactively via the \u2018live feed\u2019 provided for threat prioritization. With \u2018live feed\u2019 updated for all emerging high and medium risks, you can clearly see the impacted hosts against threats. \n\n * \n\nSimply click on the impacted assets for the Boothole threat feed to see the vulnerability and impacted host details. \n\nWith VM Dashboard, you can track Boothole, impacted hosts, their status and overall management in real-time. With trending enabled for dashboard widgets, you can keep track of Boothole vulnerability trends in your environment using [GRUB2 Boothole Vulnerability Dashboard](<https://qualys-secure.force.com/discussions/s/article/000006384>).\n\n\n\n#### Response by Patching and Remediation \n\nVMDR rapidly remediates the Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select \u201ccve:`CVE-2020-10713`\u201d in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go for hosts grouped together by a tag \u2013 Boothole. 
\n\nFor proactive, continuous patching, you can create a job without a Patch Window to ensure all hosts will continue to receive the required patches as new patches become available for emerging vulnerabilities.\n\nUsers are encouraged to apply patches as soon as possible.\n\n##### Mitigation\n\nMicrosoft has published an [advisory](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011>) to address security feature bypass in GRUB.\n\nOther affected vendors provide updates for GRUB2.\n\n#### Unstable Linux Patches\n\nQualys also released a Notification over the weekend for customers : [Qualys Support Proactive Notification: Red Hat Update for BootHole Vulnerability Renders Systems Unbootable](<https://notifications.qualys.com/product/2020/08/01/qualys-support-proactive-notification-red-hat-update-for-boothole-vulnerability-renders-systems-unbootable>).\n\n### Get Started Now\n\nStart your [Qualys VMDR trial](<https://www.qualys.com/subscriptions/vmdr/>) for automatically identifying, detecting and patching the high-priority Boothole vulnerability CVE-2020-10713.\n\n##### **References**\n\n<https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>\n\n<https://github.com/eclypsium/BootHole>", "modified": "2020-08-03T21:35:38", "published": "2020-08-03T21:35:38", "id": "QUALYSBLOG:4DA175A5FB10CC3E64B58AB0536688A4", "href": "https://blog.qualys.com/category/vulnerabilities-research", "type": "qualysblog", "title": "GRUB2 Boothole Buffer Overflow Vulnerability (CVE-2020-10713) \u2013 Automatically Discover, Prioritize and Remediate Using Qualys VMDR\u00ae", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cisco": [{"lastseen": "2020-11-06T11:39:17", "bulletinFamily": "software", "cvelist": ["CVE-2020-10713"], "description": "On July 29, 2020, a research paper titled \u201cThere\u2019s a Hole in the Boot\u201d was made publicly available. 
This paper discusses a vulnerability discovered in the GRand Unified Bootloader version 2 (GRUB2) bootloader that may allow an attacker to execute arbitrary code at system boot time.\n\nThe vulnerability is due to incorrect bounds checking of certain values parsed from the GRUB2 configuration file. An attacker could exploit this vulnerability by supplying a crafted configuration file for GRUB2. When this file is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to inject arbitrary code that is executed before the operating system is loaded on the targeted system.\n\nOn systems protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, exploitation of this vulnerability may allow the attacker to tamper with the secure boot process.\n\nMultiple Cisco products are affected by this vulnerability.\n\nCisco will release software updates that address this vulnerability. Any workarounds for a specific Cisco product or service will be documented in the relevant Cisco bugs, which are identified in the Vulnerable Products [\"#vp\"] section of this advisory.\n\nThis advisory will be updated as additional information becomes available.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY\"]", "modified": "2020-08-10T15:49:28", "published": "2020-08-04T23:00:00", "id": "CISCO-SA-GRUB2-CODE-EXEC-XLEPCAPY", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY", "type": "cisco", "title": "GRUB2 Arbitrary Code Execution Vulnerability", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "huawei": [{"lastseen": "2020-09-23T10:42:23", "bulletinFamily": "software", "cvelist": ["CVE-2020-10713"], "description": "Eclypsium 
researchers have discovered a vulnerability named \u201cBootHole\u201d in the GRUB2 bootloader. There is a buffer overflow vulnerability that can be used to gain arbitrary code execution during the boot process, even when Secure Boot is enabled. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device. (Vulnerability ID: HWPSIRT-2020-14407) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-10713.\nHuawei has released software updates to fix this vulnerability. This advisory is available at the following link:\nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200923-01-grub2-en", "edition": 1, "modified": "2020-09-23T00:00:00", "published": "2020-09-23T00:00:00", "id": "HUAWEI-SA-20200923-01-GRUB2", "href": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200923-01-grub2-en", "title": "Security Advisory - Buffer Overflow Vulnerability BootHole in GRUB2 Secure Boot", "type": "huawei", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "lenovo": [{"lastseen": "2020-10-14T09:02:19", "bulletinFamily": "info", "cvelist": ["CVE-2020-10713"], "description": "**Lenovo Security Advisory:** LEN-34794\n\n**Potential Impact**: Escalation of privilege\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2020-10713\n\n**Summary Description:**\n\nLenovo is aware of a vulnerability in GRUB2, an open source bootloader commonly used by Linux, that could allow Secure Boot security enforcement to be bypassed by an attacker with physical or administrator access and allow unauthorized code execution during the boot process. This vulnerability is referred to by the researchers as Boot Hole. \n\nLenovo client and server products support Secure Boot. 
Enabling Secure Boot and using a vulnerable version of GRUB2 will expose products to the Boot Hole vulnerability. \n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nThe industry approach to addressing this class of issue is to add vulnerable versions of GRUB2 to the Secure Boot \u201cdeny\u201d database (dbx) to prevent them from loading when Secure Boot is enabled. However, the industry has identified scenarios where doing so will negatively impact customers and prevent systems from booting, such as when BitLocker is enabled. Lenovo will continue to monitor and provide updated information and fixes, if applicable, as the industry develops a strategy for this issue.\n\nIn the interim, Lenovo recommends updating operating systems to use non-vulnerable versions of GRUB2, allowing boot from only authorized devices, and configuring a BIOS Administrator/Supervisor Password to prevent unauthorized boot device changes.\n\nFor affected Lenovo software and solutions using GRUB2, please refer to the Product Impact section below.\n\n**Product Impact:**\n\n\u00b7 Systems utilizing UEFI Secure Boot\n\n\u00b7 ThinkAgile CP-Spark Hypervisor Guardian\n\n\u00b7 ThinkAgile CP-Spark Storage Controller Guardian\n\n\u00b7 LeTOS (Linux)\n\n\u00b7 Lenovo Rackswitch NE10032\n\n\u00b7 Lenovo Rackswitch NE2572\n\n\u00b7 Lenovo Rackswitch NE0152T\n\n**References:**\n\nMicrosoft: <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011>\n\nEclypsium Blog: [https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/](<https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>)\n\nUEFI Forum: [https://uefi.org/revocationlistfile](<https://uefi.org/revocationlistfile>)\n\nCanonical: [https://ubuntu.com/security/notices/USN-4432-1](<https://ubuntu.com/security/notices/USN-4432-1>)\n\nDebian: [https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot](<https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot>)\n\nRed Hat: 
[https://access.redhat.com/security/vulnerabilities/grub2bootloader](<https://access.redhat.com/security/vulnerabilities/grub2bootloader>)\n\nSUSE: [https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/](<https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/>)\n\nVMware: [https://kb.vmware.com/s/article/80181](<https://kb.vmware.com/s/article/80181>)\n\n[](<https://kb.vmware.com/s/article/80181>)\n\n**Revision History:**\n\nRevision | Date | Description \n---|---|--- \n1 | 2020-07-30 | Initial release \n \nFor a complete list of all Lenovo Product Security Advisories, click [here](<https://support.lenovo.com//product_security/home>).\n\nFor the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an \u201cas is\u201d basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.\n\n[](<https://kb.vmware.com/s/article/80181>)\n", "edition": 36, "modified": "2020-07-30T16:42:42", "published": "2020-07-30T15:15:08", "id": "LENOVO:PS500336-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500336", "title": "GRUB2 Vulnerability \u2013 AKA ", "type": "lenovo", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-24T11:28:05", "bulletinFamily": "info", "cvelist": ["CVE-2020-10713"], "description": "**Lenovo Security Advisory:** LEN-34794\n\n**Potential Impact**: Escalation of privilege\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2020-10713\n\n**Summary Description:**\n\nLenovo is aware of a vulnerability in GRUB2, an open source bootloader commonly used by Linux, that could allow Secure Boot security enforcement to be bypassed by an attacker with physical or administrator access and allow unauthorized code execution during the boot process. 
This vulnerability is referred to by the researchers as Boot Hole. \n\nLenovo client and server products support Secure Boot. Enabling Secure Boot and using a vulnerable version of GRUB2 will expose products to the Boot Hole vulnerability. \n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nThe industry approach to addressing this class of issue is to add vulnerable versions of GRUB2 to the Secure Boot \u201cdeny\u201d database (dbx) to prevent them from loading when Secure Boot is enabled. However, the industry has identified scenarios where doing so will negatively impact customers and prevent systems from booting, such as when BitLocker is enabled. Lenovo will continue to monitor and provide updated information and fixes, if applicable, as the industry develops a strategy for this issue.\n\nIn the interim, Lenovo recommends updating operating systems to use non-vulnerable versions of GRUB2, allowing boot from only authorized devices, and configuring a BIOS Administrator/Supervisor Password to prevent unauthorized boot device changes.\n\nFor affected Lenovo software and solutions using GRUB2, please refer to the Product Impact section below.\n\n**Product Impact:**\n\n\u00b7 Systems utilizing UEFI Secure Boot\n\n\u00b7 ThinkAgile CP-Spark Hypervisor Guardian\n\n\u00b7 ThinkAgile CP-Spark Storage Controller Guardian\n\n\u00b7 LeTOS (Linux)\n\n\u00b7 Lenovo Rackswitch NE10032\n\n\u00b7 Lenovo Rackswitch NE2572\n\n\u00b7 Lenovo Rackswitch NE0152T\n\n**References:**\n\nMicrosoft: <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011>\n\nEclypsium Blog: [https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/](<https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>)\n\nUEFI Forum: [https://uefi.org/revocationlistfile](<https://uefi.org/revocationlistfile>)\n\nCanonical: [https://ubuntu.com/security/notices/USN-4432-1](<https://ubuntu.com/security/notices/USN-4432-1>)\n\nDebian: 
[https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot](<https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot>)\n\nRed Hat: [https://access.redhat.com/security/vulnerabilities/grub2bootloader](<https://access.redhat.com/security/vulnerabilities/grub2bootloader>)\n\nSUSE: [https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/](<https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/>)\n\nVMware: [https://kb.vmware.com/s/article/80181](<https://kb.vmware.com/s/article/80181>)\n\n[](<https://kb.vmware.com/s/article/80181>)\n\n**Revision History:**\n\nRevision | Date | Description \n---|---|--- \n1 | 2020-07-30 | Initial release \n \nFor a complete list of all Lenovo Product Security Advisories, click [here](<https://support.lenovo.com//product_security/home>).\n\nFor the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an \u201cas is\u201d basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.\n\n[](<https://kb.vmware.com/s/article/80181>)\n", "edition": 25, "modified": "2020-07-30T16:42:42", "published": "2020-07-30T15:15:08", "id": "LENOVO:PS500336-GRUB2-VULNERABILITY-AKA-BOOT-HOLE-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500336-grub2-vulnerability-aka-boot-hole", "title": "GRUB2 Vulnerability \u2013 AKA ", "type": "lenovo", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "hp": [{"lastseen": "2020-10-13T01:01:51", "bulletinFamily": "software", "cvelist": ["CVE-2020-10713"], "description": "## Potential Security Impact\nArbitrary Code Execution \n\n**Source:** HP, HP Product Security Response Team (PSRT) \n\n**Reported By:** Eclypsium, Inc. 
\n\n## VULNERABILITY SUMMARY\nHP has been informed of a potential security vulnerability in GRUB2 bootloaders signed by the \"Microsoft Windows UEFI Driver Publisher\" key issued by \"Microsoft Corporation UEFI CA 2011\". This vulnerability can be used to bypass UEFI Secure Boot and gain arbitrary code execution on any system containing the \u201cMicrosoft UEFI Driver Publisher\u201d key regardless of which OS is normally loaded. \n\nMore information on the vulnerability can be found in the Eclypsium blog: <https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>[__](<https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/> \"External site.\" ) (in English). \n\n## RESOLUTION\nSpecific HP PCs will require an update to the Secure Boot Forbidden Signature Database (UEFI FW dbx) with the MS UEFI CA signed UEFI Revocation List File to prevent loading the identified bootloaders and shims. HP has identified the affected platforms in the list below. \n\nHP is providing a SoftPaq to update the UEFI FW dbx. The SoftPaq is identified in the table below. \n\nLinux may require mitigated shims and GRUB2 bootloaders to be signed and deployed by affected Linux OS vendors. Customers that install Linux on their platforms should check with their OS vendor on updates.\n", "edition": 4, "modified": "2020-07-29T00:00:00", "published": "2020-07-25T00:00:00", "id": "HP:C06707446", "href": "https://support.hp.com/us-en/document/c06707446", "title": "HPSBHF03678 rev. 1 - GRUB2 Bootloader Arbitrary Code Execution", "type": "hp", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:41:02", "bulletinFamily": "info", "cvelist": ["CVE-2020-10713"], "description": "### Overview\n\nThe GRUB2 boot loader is vulnerable to buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled. 
\n\n### Description\n\n[GRUB2](<https://www.gnu.org/software/grub/>) is a multiboot boot loader that replaced GRUB Legacy in [2012](<https://www.archlinux.org/news/grub-legacy-no-longer-supported/>). A boot loader is the first program that runs upon boot and loads the operating system. Many vendors also use a shim, a signed software package that contains the vendor\u2019s certificate and code that verifies and runs the boot loader. This means that firmware Certificate Authority providers can just sign the shim as opposed to all of the other supported programs.\n\nGRUB2 is vulnerable to a buffer overflow when parsing content from the GRUB2 configuration file (grub.cfg). This configuration file is an external file commonly located in the EFI System Partition and can therefore be modified by an attacker with administrator privileges without altering the integrity of the signed vendor shim and GRUB2 boot loader executables. This could allow an authenticated, local attacker to modify the contents of the GRUB2 configuration file to ensure that the attacker's chosen code is run before the operating system is loaded. This could allow the attacker to gain persistence on the device, even with Secure Boot enabled. All versions of GRUB2 that load commands from an external grub.cfg configuration file are vulnerable.\n\n### Impact\n\nAn authenticated, local attacker could modify the contents of the GRUB2 configuration file to execute arbitrary code that bypasses signature verification. This could allow the attacker to gain persistence on the device, even with Secure Boot enabled. Because the attacker's code runs before the operating system, the attacker could control how the operating system is loaded, directly patch the operating system, or even direct the bootloader to alternate OS images. 
All versions of GRUB2 that load commands from an external grub.cfg configuration file are vulnerable.\n\n### Solution\n\n**Apply an update if operationally feasible**\n\nUpdate GRUB2 to the latest version to address this vulnerability when operationally feasible. Some [patches](<https://access.redhat.com/solutions/5272311>) were originally reported to leave systems unbootable so users are encouraged to review and test patches prior to implementing them. Linux distributions and other vendors using GRUB2 will need to update their installers, boot loaders, and shims. New shims will need to be signed by the Microsoft 3rd Party UEFI Certificate Authority. Administrators of affected devices will need to update installed versions of operating systems as well as installer images, including disaster recovery media. Until all affected versions are added to the dbx revocation list, an attacker would be able to use a vulnerable version of shim and GRUB2. Eventually the UEFI revocation list (dbx) needs to be updated in the firmware of each affected system to prevent running this vulnerable code during boot.\n\n### Acknowledgements\n\nThanks to Mickey Shkatov and Jesse Michael from Eclypsium for reporting this vulnerability.\n\nThis document was written by Madison Oliver.\n\n### Vendor Information \n\n174059\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n### CentOS __ Affected\n\nUpdated: 2020-07-31 **CVE-2020-10713**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://lists.centos.org/pipermail/centos-announce/2020-July/035778.html>\n\n### Debian GNU/Linux __ Affected\n\nUpdated: 2020-07-31 **CVE-2020-10713**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.debian.org/security/2020/dsa-4735>\n 
* <https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/>\n\n### GNU Grub Affected\n\nUpdated: 2020-07-29 **CVE-2020-10713**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Microsoft __ Affected\n\nUpdated: 2020-07-31 **CVE-2020-10713**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011>\n\n### Red Hat Inc. __ Affected\n\nUpdated: 2020-07-30 **CVE-2020-10713**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://access.redhat.com/security/vulnerabilities/grub2bootloader>\n * <https://access.redhat.com/solutions/5272311>\n\n### SUSE Linux __ Affected\n\nUpdated: 2020-07-31 **CVE-2020-10713**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://www.suse.com/support/kb/doc/?id=000019673>\n\n### Ubuntu __ Affected\n\nUpdated: 2020-07-31 **CVE-2020-10713**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass>\n\n### VMware __ Affected\n\nUpdated: 2020-07-31 **CVE-2020-10713**| Affected \n---|--- \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### References\n\n * <https://kb.vmware.com/s/article/80181>\n\n \n\n\n### References \n\n * <https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>\n * <https://www.gnu.org/software/grub/>\n * <https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/>\n * <https://www.archlinux.org/news/grub-legacy-no-longer-supported/>\n * <https://wiki.debian.org/SecureBoot>\n * <https://uefi.org/>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2020-10713 
](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-10713>) \n---|--- \n**Date Public:** | 2020-07-29 \n**Date First Published:** | 2020-07-29 \n**Date Last Updated: ** | 2020-08-13 17:52 UTC \n**Document Revision: ** | 6 \n", "modified": "2020-08-13T17:52:00", "published": "2020-07-29T00:00:00", "id": "VU:174059", "href": "https://www.kb.cert.org/vuls/id/174059", "type": "cert", "title": "GRUB2 bootloader is vulnerable to buffer overflow", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T09:05:39", "description": "According to the version of the grub2 packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code\n execution during boot process (CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-08-21T00:00:00", "title": "EulerOS 2.0 SP2 : grub2 (EulerOS-SA-2020-1833)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-10713"], "modified": "2020-08-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-efi-x64", "p-cpe:/a:huawei:euleros:grub2", "p-cpe:/a:huawei:euleros:grub2-pc", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "p-cpe:/a:huawei:euleros:grub2-common", "cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:grub2-pc-modules"], "id": "EULEROS_SA-2020-1833.NASL", "href": "https://www.tenable.com/plugins/nessus/139742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(139742);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10713\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"EulerOS 2.0 SP2 : grub2 (EulerOS-SA-2020-1833)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the grub2 packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code\n execution during boot process (CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1833\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be20eca9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-2.02-0.64.h6\",\n \"grub2-common-2.02-0.64.h6\",\n \"grub2-efi-x64-2.02-0.64.h6\",\n \"grub2-pc-2.02-0.64.h6\",\n \"grub2-pc-modules-2.02-0.64.h6\",\n \"grub2-tools-2.02-0.64.h6\",\n \"grub2-tools-extra-2.02-0.64.h6\",\n \"grub2-tools-minimal-2.02-0.64.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"grub2\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:30:10", "description": "This update for shim fixes the following issues :\n\nUpdate to the unified shim binary from SUSE Linux Enterprise 15-SP1\n(bsc#1168994)\n\nThis update addresses the 'BootHole' security issue (master CVE\nCVE-2020-10713), by disallowing binaries signed by the previous SUSE\nUEFI signing key from booting.\n\nThis update should only be installed after updates of grub2, the Linux\nkernel and (if used) Xen from July / August 2020 are applied.\n\nAdditional fixes :\n\nshim-install: install MokManager to \\EFI\\boot to process the pending\nMOK request (bsc#1175626, bsc#1175656)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 3, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "SUSE SLES12 Security Update : shim (SUSE-SU-2020:2628-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-10713"], "modified": "2020-12-09T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:shim"], "id": "SUSE_SU-2020-2628-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143634", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2628-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143634);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-10713\");\n\n script_name(english:\"SUSE SLES12 Security Update : shim (SUSE-SU-2020:2628-1)\");\n 
script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for shim fixes the following issues :\n\nUpdate to the unified shim binary from SUSE Linux Enterprise 15-SP1\n(bsc#1168994)\n\nThis update addresses the 'BootHole' security issue (master CVE\nCVE-2020-10713), by disallowing binaries signed by the previous SUSE\nUEFI signing key from booting.\n\nThis update should only be installed after updates of grub2, the Linux\nkernel and (if used) Xen from July / August 2020 are applied.\n\nAdditional fixes :\n\nshim-install: install MokManager to \\EFI\\boot to process the pending\nMOK request (bsc#1175626, bsc#1175656)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-10713/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202628-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0a4f739\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product 
:\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2628=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2628=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2628=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2628=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:shim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"shim-15+git47-22.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"shim\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:06:34", "description": "According to the version of the grub2 packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - A flaw was found in grub2, prior to version 2.06. An\n attacker may use the GRUB 2 flaw to hijack and tamper\n the GRUB verification process. This flaw also allows\n the bypass of Secure Boot protections. In order to load\n an untrusted or modified kernel, an attacker would\n first need to establish access to the system such as\n gaining physical access, obtain the ability to alter a\n pxe-boot network, or have remote access to a networked\n system with root access. With this access, an attacker\n could then craft a string to cause a buffer overflow by\n injecting a malicious payload that leads to arbitrary\n code execution within GRUB. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-10-12T00:00:00", "title": "EulerOS Virtualization 3.0.2.2 : grub2 (EulerOS-SA-2020-2184)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-10713"], "modified": "2020-10-12T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.2.2", "p-cpe:/a:huawei:euleros:grub2-efi-x64-modules", "p-cpe:/a:huawei:euleros:grub2", "p-cpe:/a:huawei:euleros:grub2-pc", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-pc-modules"], "id": "EULEROS_SA-2020-2184.NASL", "href": "https://www.tenable.com/plugins/nessus/141377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141377);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10713\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : grub2 (EulerOS-SA-2020-2184)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the grub2 packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - A flaw was found in grub2, prior to version 2.06. An\n attacker may use the GRUB 2 flaw to hijack and tamper\n the GRUB verification process. This flaw also allows\n the bypass of Secure Boot protections. 
In order to load\n an untrusted or modified kernel, an attacker would\n first need to establish access to the system such as\n gaining physical access, obtain the ability to alter a\n pxe-boot network, or have remote access to a networked\n system with root access. With this access, an attacker\n could then craft a string to cause a buffer overflow by\n injecting a malicious payload that leads to arbitrary\n code execution within GRUB. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2184\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb46ac7e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10713\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-2.02-0.65.2.h15\",\n \"grub2-common-2.02-0.65.2.h15\",\n \"grub2-efi-x64-modules-2.02-0.65.2.h15\",\n \"grub2-pc-2.02-0.65.2.h15\",\n \"grub2-pc-modules-2.02-0.65.2.h15\",\n \"grub2-tools-2.02-0.65.2.h15\",\n \"grub2-tools-extra-2.02-0.65.2.h15\",\n \"grub2-tools-minimal-2.02-0.65.2.h15\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:06:06", "description": "According to the version of the grub2 packages installed, the EulerOS\nVirtualization for ARM 64 
installation on the remote host is affected\nby the following vulnerability :\n\n - A flaw was found in grub2, prior to version 2.06. An\n attacker may use the GRUB 2 flaw to hijack and tamper\n the GRUB verification process. This flaw also allows\n the bypass of Secure Boot protections. In order to load\n an untrusted or modified kernel, an attacker would\n first need to establish access to the system such as\n gaining physical access, obtain the ability to alter a\n pxe-boot network, or have remote access to a networked\n system with root access. With this access, an attacker\n could then craft a string to cause a buffer overflow by\n injecting a malicious payload that leads to arbitrary\n code execution within GRUB. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-09-08T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : grub2 (EulerOS-SA-2020-1965)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-10713"], "modified": "2020-09-08T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.2.0", "p-cpe:/a:huawei:euleros:grub2-efi-aa64", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules"], "id": "EULEROS_SA-2020-1965.NASL", "href": "https://www.tenable.com/plugins/nessus/140335", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(140335);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10713\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : grub2 (EulerOS-SA-2020-1965)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the grub2 packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - A flaw was found in grub2, prior to version 2.06. An\n attacker may use the GRUB 2 flaw to hijack and tamper\n the GRUB verification process. This flaw also allows\n the bypass of Secure Boot protections. In order to load\n an untrusted or modified kernel, an attacker would\n first need to establish access to the system such as\n gaining physical access, obtain the ability to alter a\n pxe-boot network, or have remote access to a networked\n system with root access. With this access, an attacker\n could then craft a string to cause a buffer overflow by\n injecting a malicious payload that leads to arbitrary\n code execution within GRUB. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1965\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7be40641\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This 
script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-common-2.02-0.65.2.h9\",\n \"grub2-efi-aa64-2.02-0.65.2.h9\",\n \"grub2-efi-aa64-modules-2.02-0.65.2.h9\",\n \"grub2-tools-2.02-0.65.2.h9\",\n \"grub2-tools-extra-2.02-0.65.2.h9\",\n \"grub2-tools-minimal-2.02-0.65.2.h9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:05:39", "description": "According to the version of the grub2 packages installed, the EulerOS\ninstallation on the remote host is affected by the 
following\nvulnerability :\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code\n execution during boot process (CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-08-21T00:00:00", "title": "EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2020-1832)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-10713"], "modified": "2020-08-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-efi-aa64-cdboot", "p-cpe:/a:huawei:euleros:grub2-efi-aa64", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "p-cpe:/a:huawei:euleros:grub2-common", "cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules"], "id": "EULEROS_SA-2020-1832.NASL", "href": "https://www.tenable.com/plugins/nessus/139741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139741);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10713\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2020-1832)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the grub2 packages installed, the EulerOS\ninstallation on the remote host is affected by the 
following\nvulnerability :\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code\n execution during boot process (CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1832\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8323c12b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-common-2.02-62.h24.eulerosv2r8\",\n \"grub2-efi-aa64-2.02-62.h24.eulerosv2r8\",\n \"grub2-efi-aa64-cdboot-2.02-62.h24.eulerosv2r8\",\n \"grub2-efi-aa64-modules-2.02-62.h24.eulerosv2r8\",\n 
\"grub2-tools-2.02-62.h24.eulerosv2r8\",\n \"grub2-tools-extra-2.02-62.h24.eulerosv2r8\",\n \"grub2-tools-minimal-2.02-62.h24.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:05:47", "description": "According to the version of the grub2 packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - A flaw was found in grub2, prior to version 2.06. An\n attacker may use the GRUB 2 flaw to hijack and tamper\n the GRUB verification process. This flaw also allows\n the bypass of Secure Boot protections. In order to load\n an untrusted or modified kernel, an attacker would\n first need to establish access to the system such as\n gaining physical access, obtain the ability to alter a\n pxe-boot network, or have remote access to a networked\n system with root access. With this access, an attacker\n could then craft a string to cause a buffer overflow by\n injecting a malicious payload that leads to arbitrary\n code execution within GRUB. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-08-28T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : grub2 (EulerOS-SA-2020-1891)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-10713"], "modified": "2020-08-28T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.6.0", "p-cpe:/a:huawei:euleros:grub2-efi-aa64", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules"], "id": "EULEROS_SA-2020-1891.NASL", "href": "https://www.tenable.com/plugins/nessus/139994", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139994);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10713\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : grub2 (EulerOS-SA-2020-1891)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the grub2 packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - A flaw was found in grub2, prior to version 2.06. An\n attacker may use the GRUB 2 flaw to hijack and tamper\n the GRUB verification process. 
This flaw also allows\n the bypass of Secure Boot protections. In order to load\n an untrusted or modified kernel, an attacker would\n first need to establish access to the system such as\n gaining physical access, obtain the ability to alter a\n pxe-boot network, or have remote access to a networked\n system with root access. With this access, an attacker\n could then craft a string to cause a buffer overflow by\n injecting a malicious payload that leads to arbitrary\n code execution within GRUB. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1891\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bbd1ad9c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-common-2.02-62.h24.eulerosv2r8\",\n 
\"grub2-efi-aa64-2.02-62.h24.eulerosv2r8\",\n \"grub2-efi-aa64-modules-2.02-62.h24.eulerosv2r8\",\n \"grub2-tools-2.02-62.h24.eulerosv2r8\",\n \"grub2-tools-extra-2.02-62.h24.eulerosv2r8\",\n \"grub2-tools-minimal-2.02-62.h24.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:07:04", "description": "According to the version of the grub2 packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code\n execution during boot process (CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-11-06T00:00:00", "title": "EulerOS Virtualization 3.0.6.6 : grub2 (EulerOS-SA-2020-2462)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-10713"], "modified": "2020-11-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-efi-x64", "p-cpe:/a:huawei:euleros:grub2-efi-x64-modules", "p-cpe:/a:huawei:euleros:grub2", "cpe:/o:huawei:euleros:uvp:3.0.6.6", "p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot", "p-cpe:/a:huawei:euleros:grub2-pc", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-pc-modules"], "id": "EULEROS_SA-2020-2462.NASL", "href": "https://www.tenable.com/plugins/nessus/142544", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142544);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10713\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : grub2 (EulerOS-SA-2020-2462)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the grub2 packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code\n execution during boot process (CVE-2020-10713)\n\nNote that Tenable 
Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2462\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c2fc9fb1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-common-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-efi-x64-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-efi-x64-cdboot-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-efi-x64-modules-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-pc-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-pc-modules-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-tools-2.02-0.65.2.h15.eulerosv2r7\",\n 
\"grub2-tools-extra-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-tools-minimal-2.02-0.65.2.h15.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-12T14:48:25", "description": "This update for shim fixes the following issues :\n\nThis update addresses the 'BootHole' security issue (master CVE\nCVE-2020-10713), by disallowing binaries signed by the previous SUSE\nUEFI signing key from booting.\n\nThis update should only be installed after updates of grub2, the Linux\nkernel and (if used) Xen from July / August 2020 are applied.\n\nChanges :\n\nUse vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994)\n\nAdd dbx-cert.tar.xz which contains the certificates to block and a\nscript, generate-vendor-dbx.sh, to generate vendor-dbx.bin\n\nAdd vendor-dbx.bin as the vendor dbx to block unwanted keys\n\nUpdate the path to grub-tpm.efi in shim-install (bsc#1174320)\n\nOnly check EFI variable copying when Secure Boot is enabled\n(bsc#1173411)\n\nUse the full path of efibootmgr to avoid errors when invoking\nshim-install from packagekitd (bsc#1168104)\n\nshim-install: add check for btrfs is used as root file system to\nenable relative path lookup for file. (bsc#1153953)\n\nshim-install: install MokManager to \\EFI\\boot to process the pending\nMOK request (bsc#1175626, bsc#1175656)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : shim (SUSE-SU-2020:2629-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-10713"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:shim-debugsource", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:shim", "p-cpe:/a:novell:suse_linux:shim-debuginfo"], "id": "SUSE_SU-2020-2629-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143746", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2629-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143746);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2020-10713\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : shim (SUSE-SU-2020:2629-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for shim fixes the following issues :\n\nThis update addresses the 'BootHole' security issue (master CVE\nCVE-2020-10713), by disallowing binaries signed by the previous SUSE\nUEFI signing key from booting.\n\nThis update should only be installed after updates of grub2, the Linux\nkernel and (if used) Xen from July / August 2020 are applied.\n\nChanges :\n\nUse vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994)\n\nAdd dbx-cert.tar.xz which contains the 
certificates to block and a\nscript, generate-vendor-dbx.sh, to generate vendor-dbx.bin\n\nAdd vendor-dbx.bin as the vendor dbx to block unwanted keys\n\nUpdate the path to grub-tpm.efi in shim-install (bsc#1174320)\n\nOnly check EFI variable copying when Secure Boot is enabled\n(bsc#1173411)\n\nUse the full path of efibootmgr to avoid errors when invoking\nshim-install from packagekitd (bsc#1168104)\n\nshim-install: add check for btrfs is used as root file system to\nenable relative path lookup for file. (bsc#1153953)\n\nshim-install: install MokManager to \\EFI\\boot to process the pending\nMOK request (bsc#1175626, bsc#1175656)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2020-10713/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202629-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a590a585\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2629=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2629=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:shim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:shim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:shim-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script 
is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"shim-15+git47-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"shim-debuginfo-15+git47-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"shim-debugsource-15+git47-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"shim-15+git47-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"shim-debuginfo-15+git47-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"shim-debugsource-15+git47-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"shim-15+git47-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"shim-debuginfo-15+git47-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"shim-debugsource-15+git47-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"shim-15+git47-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"shim-debuginfo-15+git47-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"shim-debugsource-15+git47-3.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"shim\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:05:39", "description": "According to the version of the grub2 packages installed, the EulerOS\ninstallation on the remote host is affected by the 
following\nvulnerability :\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code\n execution during boot process (CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-08-21T00:00:00", "title": "EulerOS 2.0 SP3 : grub2 (EulerOS-SA-2020-1834)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-10713"], "modified": "2020-08-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-efi-x64", "p-cpe:/a:huawei:euleros:grub2-efi-x64-modules", "p-cpe:/a:huawei:euleros:grub2", "p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot", "p-cpe:/a:huawei:euleros:grub2-pc", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "p-cpe:/a:huawei:euleros:grub2-common", "cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:grub2-pc-modules"], "id": "EULEROS_SA-2020-1834.NASL", "href": "https://www.tenable.com/plugins/nessus/139743", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139743);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10713\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"EulerOS 2.0 SP3 : grub2 (EulerOS-SA-2020-1834)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of 
the grub2 packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code\n execution during boot process (CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1834\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a1fb7143\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 
\"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-2.02-0.64.h9\",\n \"grub2-common-2.02-0.64.h9\",\n \"grub2-efi-x64-2.02-0.64.h9\",\n \"grub2-efi-x64-cdboot-2.02-0.64.h9\",\n \"grub2-efi-x64-modules-2.02-0.64.h9\",\n \"grub2-pc-2.02-0.64.h9\",\n \"grub2-pc-modules-2.02-0.64.h9\",\n \"grub2-tools-2.02-0.64.h9\",\n \"grub2-tools-extra-2.02-0.64.h9\",\n \"grub2-tools-minimal-2.02-0.64.h9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:06:02", "description": "According to the version of the grub2 packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code\n execution during boot process (CVE-2020-10713)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-09-02T00:00:00", "title": "EulerOS 2.0 SP5 : grub2 (EulerOS-SA-2020-1946)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-10713"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-efi-x64", "p-cpe:/a:huawei:euleros:grub2-efi-x64-modules", "p-cpe:/a:huawei:euleros:grub2", "p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot", "p-cpe:/a:huawei:euleros:grub2-pc", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "p-cpe:/a:huawei:euleros:grub2-common", "cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:grub2-pc-modules"], "id": "EULEROS_SA-2020-1946.NASL", "href": "https://www.tenable.com/plugins/nessus/140167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140167);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10713\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"EulerOS 2.0 SP5 : grub2 (EulerOS-SA-2020-1946)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the grub2 packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code\n execution during boot process (CVE-2020-10713)\n\nNote that Tenable Network 
Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1946\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fedb0ed0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-common-2.02-0.65.2.h15.eulerosv2r7\",\n 
\"grub2-efi-x64-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-efi-x64-cdboot-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-efi-x64-modules-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-pc-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-pc-modules-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-tools-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-tools-extra-2.02-0.65.2.h15.eulerosv2r7\",\n \"grub2-tools-minimal-2.02-0.65.2.h15.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cisa": [{"lastseen": "2021-02-24T18:06:39", "bulletinFamily": "info", "cvelist": ["CVE-2020-10713"], "description": "Free Software Foundation GNU Project's multiboot boot loader, GNU GRUB2, contains a vulnerability\u2014CVE-2020-10713\u2014that a local attacker could exploit to take control of an affected system.\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT Coordination Center\u2019s Vulnerability Note [VU#174059](<https://www.kb.cert.org/vuls/id/174059>) for mitigations and to refer to operating system vendors for appropriate patches, when available. 
CISA encourages administrators to test rigorously before applying patches as changes to the bootloader carry high operational risk.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/07/30/gnu-grub2-vulnerability>); we'd welcome your feedback.\n", "modified": "2020-07-31T00:00:00", "published": "2020-07-30T00:00:00", "id": "CISA:4CA744242533EA980240D07CC5A48867", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/07/30/gnu-grub2-vulnerability", "type": "cisa", "title": "GNU GRUB2 Vulnerability ", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2020-07-29T20:27:21", "bulletinFamily": "info", "cvelist": ["CVE-2020-10713"], "description": "[](<https://thehackernews.com/images/-K0sTedmZ7pE/XyHKT6WlooI/AAAAAAAA3Gs/nlq-_y7KlHIRQuuN7WzCk630i8g7iDDOQCLcBGAsYHQ/s728-e100/linux-grub2-bootloader-vulnerability.jpg>)\n\nA team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide\u2014including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. \n \nDubbed '**BootHole**' and tracked as **CVE-2020-10713**, the reported vulnerability resides in the GRUB2 bootloader, which, if exploited, could potentially let attackers bypass the Secure Boot feature and gain high-privileged persistent and stealthy access to the targeted systems. \n \nSecure Boot is a security feature of the Unified Extensible Firmware Interface (UEFI) that uses a bootloader to load critical components, peripherals, and the operating system while ensuring that only cryptographically signed code executes during the boot process. 
\n\n\n \n\"One of the explicit design goals of Secure Boot is to prevent unauthorized code, even running with administrator privileges, from gaining additional privileges and pre-OS persistence by disabling Secure Boot or otherwise modifying the boot chain,\" the report explained. \n \n\n\n## GRUB2 Bootloader Vulnerability\n\n \nDiscovered by researchers from Eclypsium, BootHole is a buffer overflow vulnerability that affects all versions of GRUB2 and exists in the way it parses content from the config file, which typically is not signed like other files and executables\u2014leaving an opportunity for attackers to break the hardware root of trust mechanism. \n \n\n\n[](<https://thehackernews.com/images/-9Ll_vMvErag/XyHGGsjAwaI/AAAAAAAA3GY/CMItic4dlJwfdzXRGFkpfzRujaEbdpJhACLcBGAsYHQ/s728-e100/grub-bootloader-malware.jpg>)\n\n \nNote that the grub.cfg file is located in the EFI system partition, so to modify it an attacker still needs an initial foothold on the targeted system with admin privileges; exploiting the flaw would then give the attacker an additional escalation of privilege and persistence on the device. \n \nThough GRUB2 is the standard bootloader used by most Linux systems, it supports other operating systems, kernels, and hypervisors like XEN as well. \n \n\"The buffer overflow allows the attacker to gain arbitrary code execution within the UEFI execution environment, which could be used to run malware, alter the boot process, directly patch the OS kernel, or execute any number of other malicious actions,\" researchers said. \n\n\n \nThus, to exploit the BootHole flaw on Windows systems, attackers can replace the default bootloaders installed on Windows systems with a vulnerable version of GRUB2 to install rootkit malware. \n \n\"The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority,\" the report says. 
\n \nAccording to the [detailed report](<https://eclypsium.com/wp-content/uploads/2020/07/Theres-a-Hole-in-the-Boot.pdf>) researchers shared with The Hacker News, this vulnerability can lead to major consequences, and that's primarily because the attack allows hackers to execute malicious code even before the operating system boots, making it difficult for security software to detect the presence of malware or remove it. \n \n\n\n[](<https://thehackernews.com/images/-wiWj_k4OVuE/XyHGZKjDS9I/AAAAAAAA3Gg/I-T1Li2CkYchHt7wQ1-_yQ64jE62UMLrgCLcBGAsYHQ/s728-e100/linux-grub-malware.jpg>)\n\n \nBesides this, the researcher also added that \"the UEFI execution environment does not have Address Space Layout Randomization (ASLR) or Data Execution Prevention (DEP/NX) or other exploit mitigation technologies typically found in modern operating systems, so creating exploits for this kind of vulnerability is significantly easier.\" \n \n\n\n## Just Installing Updates and Patches Wouldn't Resolve the Issue\n\n \nExperts at Eclypsium have already contacted related industry entities, including OS vendors and computer manufacturers, to help them patch the issue. \n \nHowever, it doesn't appear to be an easy task to patch the issue altogether. \n \nJust installing patches with updated GRUB2 bootloader would not resolve the issue, because attackers can still replace the device's existing bootloader with the vulnerable version. \n \nAccording to Eclypsium, even \"mitigation will require new bootloaders to be signed and deployed, and vulnerable bootloaders should be revoked to prevent adversaries from using older, vulnerable versions in an attack.\" \n \nSo, the affected vendors would need first to release the new versions of their bootloader shims to be signed by the Microsoft 3rd Party UEFI CA. \n \nEventually, the UEFI revocation list (dbx) then also needs to be updated in the firmware of each affected system to prevent running this vulnerable code during boot. 
\n \nThis multi-stage mitigation process will likely take years for organizations to complete patching. \n \n\"However, full deployment of this revocation process will likely be very slow. UEFI-related updates have had a history of making devices unusable, and vendors will need to be very cautious. If the revocation list (dbx) is updated before a given Linux bootloader and shim are updated, then the operating system will not load,\" researchers warned. \n \nIn an [advisory](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011>) released today, Microsoft acknowledged the issue, informing that it's \"working to complete validation and compatibility testing of a required Windows Update that addresses this vulnerability.\" \n \nIt also recommended users to apply security patches as soon as they are rolled out in the coming weeks. \n \nBesides Microsoft, many popular Linux distributions have also released related advisories explaining the flaw, possible mitigations, and timeline on the upcoming security patches. \n \nHere's a list for all advisories: \n\n\n * [Red Hat](<https://access.redhat.com/security/vulnerabilities/grub2bootloader>) (Fedora and RHEL)\n * [Canonical](<https://ubuntu.com/security/notices/USN-4432-1>) (Ubuntu)\n * [SuSE](<https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/>) (SLES and OpenSUSE)\n * [Debian](<https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/>)\n * [VMware](<https://kb.vmware.com/s/article/80181>)\n * [Microsoft](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011>)\n * [HP](<https://support.hp.com/us-en/document/c06707446>)\n", 
"modified": "2020-07-29T19:50:40", "published": "2020-07-29T19:13:00", "id": "THN:885767C284ED14ED2B32F6713F9AA21F", "href": "https://thehackernews.com/2020/07/grub2-bootloader-vulnerability.html", "type": "thn", "title": "Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2020-10-05T13:45:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10713", "CVE-2020-14364"], "description": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. \n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.\n\nThe following packages have been upgraded to a later upstream version: cockpit-ovirt (0.14.11), imgbased (1.2.12), redhat-release-virtualization-host (4.4.2), redhat-virtualization-host (4.4.2). 
(BZ#1875362, BZ#1878045)\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-10-05T17:04:27", "published": "2020-10-05T16:59:40", "id": "RHSA-2020:4172", "href": "https://access.redhat.com/errata/RHSA-2020:4172", "type": "redhat", "title": "(RHSA-2020:4172) Important: Red Hat Virtualization security, bug fix, and enhancement update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-07T18:04:03", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10713", "CVE-2020-14364"], "description": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. \n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.\n\nThe following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.3.11), redhat-virtualization-host (4.3.11). 
(BZ#1868307, BZ#1878044)\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-09-30T13:40:45", "published": "2020-09-30T13:07:09", "id": "RHSA-2020:4115", "href": "https://access.redhat.com/errata/RHSA-2020:4115", "type": "redhat", "title": "(RHSA-2020:4115) Important: redhat-release-virtualization-host and redhat-virtualization-host security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-29T20:06:09", "bulletinFamily": "unix", "cvelist": ["CVE-2019-20908", "CVE-2020-10713", "CVE-2020-15780"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: lockdown: bypass through ACPI write via efivar_ssdt (CVE-2019-20908)\n\n* kernel: lockdown: bypass through ACPI write via acpi_configfs (CVE-2020-15780)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837441)\n\n* kernel-rt: update RT source tree to the RHEL-8.2.z3 source tree (BZ#1856816)", "modified": "2020-07-29T22:12:00", "published": "2020-07-29T21:13:32", "id": "RHSA-2020:3219", "href": "https://access.redhat.com/errata/RHSA-2020:3219", "type": "redhat", "title": "(RHSA-2020:3219) Moderate: kernel-rt security and bug fix update", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-29T20:04:13", "bulletinFamily": "unix", "cvelist": ["CVE-2019-20908", "CVE-2020-10713", "CVE-2020-15780"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: lockdown: bypass through ACPI write via efivar_ssdt (CVE-2019-20908)\n\n* kernel: lockdown: bypass through ACPI write via acpi_configfs (CVE-2020-15780)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837433)\n\n* [Regression] RHEL8.2 RC - [Boston/DD2.1] [RHEL8.2/kernel-4.18.0-193.el8.ppc64le] Host kernel crashes while running storage test bucket on KVM guest (iscsi) (BZ#1852048)\n\n* RHEL8.2 - s390/mm: fix panic in gup_fast on large pud (BZ#1853336)", "modified": "2020-07-29T22:12:01", "published": "2020-07-29T21:13:27", "id": "RHSA-2020:3218", "href": "https://access.redhat.com/errata/RHSA-2020:3218", "type": "redhat", "title": "(RHSA-2020:3218) Moderate: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-29T22:09:48", "bulletinFamily": "unix", "cvelist": ["CVE-2019-20908", "CVE-2020-10713", "CVE-2020-15780"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: lockdown: bypass through ACPI write via efivar_ssdt (CVE-2019-20908)\n\n* kernel: lockdown: bypass through ACPI write via acpi_configfs (CVE-2020-15780)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel: provide 
infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837431)", "modified": "2020-07-30T00:11:15", "published": "2020-07-29T23:56:28", "id": "RHSA-2020:3228", "href": "https://access.redhat.com/errata/RHSA-2020:3228", "type": "redhat", "title": "(RHSA-2020:3228) Moderate: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-29T22:10:03", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11487", "CVE-2020-10713", "CVE-2020-12888"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)\n\n* Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837426)", "modified": "2020-07-30T01:24:14", "published": "2020-07-30T01:04:32", "id": "RHSA-2020:3230", "href": "https://access.redhat.com/errata/RHSA-2020:3230", "type": "redhat", "title": "(RHSA-2020:3230) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-29T22:08:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10713", "CVE-2020-12653", "CVE-2020-12654"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in 
drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837424)", "modified": "2020-07-30T01:25:33", "published": "2020-07-30T01:16:10", "id": "RHSA-2020:3232", "href": "https://access.redhat.com/errata/RHSA-2020:3232", "type": "redhat", "title": "(RHSA-2020:3232) Important: kernel security and bug fix update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-29T20:06:27", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10713", "CVE-2020-12653", "CVE-2020-12654"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837428)\n\n* RHEL7.7 - Request: retrofit kernel commit f82b4b6 to RHEL 7.7/7.8 3.10 kernels. (BZ#1838601)\n\n* Possible race condition updating the cfg structure in __assign_irq_vector. 
(BZ#1854553)", "modified": "2020-07-29T23:57:08", "published": "2020-07-29T23:16:09", "id": "RHSA-2020:3224", "href": "https://access.redhat.com/errata/RHSA-2020:3224", "type": "redhat", "title": "(RHSA-2020:3224) Important: kernel security and bug fix update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-29T22:08:32", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10713", "CVE-2020-10757", "CVE-2020-12653", "CVE-2020-12654"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837427)\n\n* Fix dpdk regression introduced by bz1837297 (BZ#1852775)\n\n* Possible race condition updating the cfg structure in __assign_irq_vector. 
(BZ#1854552)", "modified": "2020-07-30T00:23:11", "published": "2020-07-29T23:50:14", "id": "RHSA-2020:3226", "href": "https://access.redhat.com/errata/RHSA-2020:3226", "type": "redhat", "title": "(RHSA-2020:3226) Important: kernel security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-29T18:03:29", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19527", "CVE-2020-10713", "CVE-2020-10757", "CVE-2020-12653", "CVE-2020-12654"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\n* kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837438)\n\n* kernel-rt: update to the latest RHEL7.8.z3 source tree (BZ#1848017)", "modified": "2020-07-29T21:46:18", "published": "2020-07-29T21:19:48", "id": "RHSA-2020:3221", "href": "https://access.redhat.com/errata/RHSA-2020:3221", "type": "redhat", "title": "(RHSA-2020:3221) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-11-12T03:29:57", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10713", 
"CVE-2020-10759"], "description": "appstream-data\n[8-20200724]\n- Regenerate the RHEL metadata to include the EPEL apps too\n- Resolves: #1844488\n[8-20200630]\n- Regenerate the RHEL metadata\n- Resolves: #1844488\nfwupd\n[1.4.2-4.0.1]\n- Build with the updated Oracle certificate\n- Use oraclesecureboot301 as certdir [Orabug: 29881368]\n- Use new signing certificate (Alex Burmashev)\n[1.4.2-4]\n- Add signing with redhatsecureboot503 cert\n Related: CVE-2020-10713\n[1.4.2-3]\n- Obsolete the now-dead fwupdate package to prevent file conflicts\n- Resolves: #1859202\n[1.4.2-2]\n- Security fix for CVE-2020-10759\n- Resolves: #1844324\n[1.4.2-1]\n- New upstream release\n- Backport a patch to fix the synaptics fingerprint reader update.\n- Resolves: #1775277\n[1.4.1-1]\n- New upstream release\n- Resolves: #1775277\ngnome-software\n[3.36.1-4]\n- Fix 'Show Details' to correctly work for rpm-installed firefox\n- Resolves: #1845714\n[3.36.1-3]\n- Upload correct 3.36.1 tarball\n- Fix hardcoded desktop and appdata names to match whats in RHEL 8.3\n- Add back shell extensions support\n- Resolves: #1839774\n[3.36.1-2]\n- Add support for basic auth and webflow auth in flatpak plugin\n- Resolves: #1815502\n[3.36.1-1]\n- Update to 3.36.1\n- Resolves: #1797932\nlibxmlb\n[0.1.15-1]\n- Initial release for RHEL", "edition": 1, "modified": "2020-11-10T00:00:00", "published": "2020-11-10T00:00:00", "id": "ELSA-2020-4436", "href": "http://linux.oracle.com/errata/ELSA-2020-4436.html", "title": "gnome-software and fwupd security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-31T07:36:19", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10713", "CVE-2020-15780", "CVE-2019-20908"], "description": "[4.18.0-193.14.3_2.OL8]\n- Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list 
(olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7\n[4.18.0-193.14.3_2]\n- Reverse keys order for dual-signing (Frantisek Hrbata) [1837433 1837434] {CVE-2020-10713}\n[4.18.0-193.14.2_2]\n- [kernel] Move to dual-signing to split signing keys up better (pjones) [1837433 1837434] {CVE-2020-10713}\n- [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837433 1837434] {CVE-2020-10713}\n- [acpi] ACPI: configfs: Disallow loading ACPI tables when locked down (Lenny Szubowicz) [1852968 1852969] {CVE-2020-15780}\n- [firmware] efi: Restrict efivar_ssdt_load when the kernel is locked down (Lenny Szubowicz) [1852948 1852949] {CVE-2019-20908}\n[4.18.0-193.14.1_2]\n- [md] dm mpath: add DM device name to Failing/Reinstating path log messages (Mike Snitzer) [1852050 1822975]\n- [md] dm mpath: enhance queue_if_no_path debugging (Mike Snitzer) [1852050 1822975]\n- [md] dm mpath: restrict queue_if_no_path state machine (Mike Snitzer) [1852050 1822975]\n- [md] dm mpath: simplify __must_push_back (Mike Snitzer) [1852050 1822975]\n- [md] dm: use DMDEBUG macros now that they use pr_debug variants (Mike Snitzer) [1852050 1822975]\n- [include] dm: use dynamic debug instead of compile-time config option (Mike Snitzer) [1852050 1822975]\n- [md] dm mpath: switch paths in dm_blk_ioctl() code path (Mike Snitzer) [1852050 1822975]\n- [md] dm multipath: use updated MPATHF_QUEUE_IO on mapping for bio-based mpath (Mike Snitzer) [1852050 1822975]\n- [md] dm: bump version of core and various targets (Mike Snitzer) [1852050 1822975]\n- [md] dm mpath: Add timeout mechanism for queue_if_no_path (Mike Snitzer) [1852050 1822975]\n- [md] dm mpath: use true_false for bool variable (Mike Snitzer) [1852050 1822975]\n- [md] dm mpath: remove harmful bio-based optimization (Mike Snitzer) [1852050 1822975]\n- [scsi] scsi: libiscsi: fall back to sendmsg for slab pages (Maurizio Lombardi) [1852048 
1825775]\n- [s390] s390/mm: fix panic in gup_fast on large pud (Philipp Rudo) [1853336 1816980]", "edition": 1, "modified": "2020-07-30T00:00:00", "published": "2020-07-30T00:00:00", "id": "ELSA-2020-3218", "href": "http://linux.oracle.com/errata/ELSA-2020-3218.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-30T09:34:46", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19527", "CVE-2020-10713", "CVE-2020-12654", "CVE-2020-12653", "CVE-2020-10757"], "description": "[3.10.0-1127.18.2.OL7]\n- Oracle Linux certificates (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3\n[3.10.0-1127.18.2]\n- [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837429 1837430] {CVE-2020-10713}\n- [kernel] Move to dual-signing to split signing keys up better (pjones) [1837429 1837430] {CVE-2020-10713}\n[3.10.0-1127.18.1]\n- [fs] locks: allow filesystems to request that ->setlease be called without i_lock (Jeff Layton) [1838602 1830606]\n- [fs] locks: move fasync setup into generic_add_lease (Jeff Layton) [1838602 1830606]\n[3.10.0-1127.17.1]\n- [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1852245 1820632]\n- [fs] aio: fix inconsistent ring state (Jeff Moyer) [1850055 1845326]\n- [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844069 1844070] {CVE-2020-12654}\n- [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844025 1844026] {CVE-2020-12653}\n- [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843436 1843437] {CVE-2020-10757}\n- [mm] mm, dax: check for pmd_none() after split_huge_pmd() (Rafael Aquini) [1843436 1843437] 
{CVE-2020-10757}\n- [mm] mm: mremap: streamline move_page_tables()'s move_huge_pmd() corner case (Rafael Aquini) [1843436 1843437] {CVE-2020-10757}\n- [mm] mm: mremap: validate input before taking lock (Rafael Aquini) [1843436 1843437] {CVE-2020-10757}\n[3.10.0-1127.16.1]\n- [kernel] sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision (Artem Savkov) [1850500 1752067]\n- [block] virtio-blk: improve virtqueue error to BLK_STS (Philipp Rudo) [1842994 1818001]\n- [block] virtio-blk: fix hw_queue stopped on arbitrary error (Philipp Rudo) [1842994 1818001]\n[3.10.0-1127.15.1]\n- [fs] ext4: fix setting of referenced bit in ext4_es_lookup_extent() (Lukas Czerner) [1847343 1663720]\n- [fs] ext4: introduce aging to extent status tree (Lukas Czerner) [1847343 1663720]\n- [fs] ext4: cleanup flag definitions for extent status tree (Lukas Czerner) [1847343 1663720]\n- [fs] ext4: limit number of scanned extents in status tree shrinker (Lukas Czerner) [1847343 1663720]\n- [fs] ext4: move handling of list of shrinkable inodes into extent status code (Lukas Czerner) [1847343 1663720]\n- [fs] ext4: change LRU to round-robin in extent status tree shrinker (Lukas Czerner) [1847343 1663720]\n- [net] netfilter: nat: never update the UDP checksum when it's 0 (Guillaume Nault) [1847333 1834278]\n- [char] ipmi_si: Only schedule continuously in the thread in maintenance mode (Alexey Klimov) [1841825 1837127]\n- [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1830889 1810643]\n- [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1830889 1810643]\n- [hid] HID: hiddev: do cleanup in failure of opening a device (Torez Smith) [1803448 1814257] {CVE-2019-19527}\n- [hid] HID: hiddev: avoid opening a disconnected device (Torez Smith) [1803448 1814257] {CVE-2019-19527}\n[3.10.0-1127.14.1]\n- [fs] NFS: Fix a race between mmap() and O_DIRECT (Benjamin Coddington) [1845520 1813803]\n- [fs] NFS: Remove a redundant 
call to unmap_mapping_range() (Benjamin Coddington) [1845520 1813803]\n- [fs] NFS: Remove redundant waits for O_DIRECT in fsync() and write_begin() (Benjamin Coddington) [1845520 1813803]\n- [fs] NFS: Cleanup nfs_direct_complete() (Benjamin Coddington) [1845520 1813803]\n- [fs] NFS: Do not serialise O_DIRECT reads and writes (Benjamin Coddington) [1845520 1813803]\n- [fs] NFS: Move buffered I/O locking into nfs_file_write() (Benjamin Coddington) [1845520 1813803]\n- [fs] bdi: make inode_to_bdi() inline (Benjamin Coddington) [1845520 1813803]\n- [fs] NFS: Remove racy size manipulations in O_DIRECT (Benjamin Coddington) [1845520 1813803]\n- [fs] NFS: Don't hold the inode lock across fsync() (Benjamin Coddington) [1845520 1813803]\n- [fs] nfs: remove nfs_inode_dio_wait (Benjamin Coddington) [1845520 1813803]\n- [fs] nfs: remove nfs4_file_fsync (Benjamin Coddington) [1845520 1813803]\n- [fs] NFS: Kill NFS_INO_NFS_INO_FLUSHING: it is a performance killer (Benjamin Coddington) [1845520 1813803]\n- [infiniband] RDMA/bnxt_re: Fix chip number validation Broadcom's Gen P5 series (Jonathan Toppins) [1834190 1823679]", "edition": 1, "modified": "2020-07-30T00:00:00", "published": "2020-07-30T00:00:00", "id": "ELSA-2020-3220", "href": "http://linux.oracle.com/errata/ELSA-2020-3220.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-08T13:45:23", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15706", "CVE-2020-14309", "CVE-2020-15707", "CVE-2020-14310", "CVE-2020-10713", "CVE-2020-15705", "CVE-2020-14311", "CVE-2020-14308"], "description": "[2.02-82.0.2.el8_2.1]\n- Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311,\n CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072]\n- Update signing certificate for efi binaries", "edition": 3, "modified": "2020-07-29T00:00:00", "published": "2020-07-29T00:00:00", "id": 
"ELSA-2020-5786", "href": "http://linux.oracle.com/errata/ELSA-2020-5786.html", "title": "grub2 security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-08T13:37:04", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15706", "CVE-2020-14309", "CVE-2020-15707", "CVE-2020-14310", "CVE-2020-10713", "CVE-2020-15705", "CVE-2020-14311", "CVE-2020-14308"], "description": "[2.02-81.0.4]\n- Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311,\n CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072]\n- Update signing certificate for efi binaries\n[2.02-0.81.0.2]\n- Enable common subpackage build for aarch64\n- Disable RHEL patch 0183-efinet-retransmit-if-our-device-is-busy.patch to comply with UEFI spec\n- increase timeout to 10ms in efinet.c, [Orabug: 27982684]\n[2.02-0.81.0.1]\n- Update upstream references [Orabug: 30138841]\n- build with the updated Oracle certificate\n- Restore symlink to grub environment file, that was removed during grub2-efi update\n if grub2 package is also installed on UEFI machines [Orabug: 27345750]\n- fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]\n- Pack files in efidir with disabled rpm verification [Orabug: 27166026]\n- Fix comparison in patch for [Orabug: 18504756]\n- Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]\n- replace dynamic EFI boot folder path generation with predefined 'redhat' (Alex Burmashev)\n- update Oracle Linux certificates (Alexey Petrenko)\n- Put 'with' in menuentry instead of 'using' [Orabug: 18504756]\n- Use different titles for UEK and RHCK kernels [Orabug: 18504756]\n- changed efidir with 0700 access rights, redhat chose another approach in rhbz#1496952, [Orabug: 28622344]\n- revert orabug [Orabug: 27166026] changes", "edition": 3, "modified": "2020-07-29T00:00:00", "published": "2020-07-29T00:00:00", "id": "ELSA-2020-5790", "href": 
"http://linux.oracle.com/errata/ELSA-2020-5790.html", "title": "grub2 security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-08T13:44:13", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15706", "CVE-2020-14309", "CVE-2020-15707", "CVE-2020-14310", "CVE-2020-10713", "CVE-2020-15705", "CVE-2020-14311", "CVE-2020-14308"], "description": "[2.02-81.0.3]\n- Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311,\n CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072]\n- Update signing certificate for efi binaries", "edition": 3, "modified": "2020-07-29T00:00:00", "published": "2020-07-29T00:00:00", "id": "ELSA-2020-5782", "href": "http://linux.oracle.com/errata/ELSA-2020-5782.html", "title": "grub2 security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2020-10-14T22:24:20", "bulletinFamily": "info", "cvelist": ["CVE-2020-10713", "CVE-2020-5135"], "description": "Billions of Windows and Linux devices are vulnerable to cyberattacks stemming from a bug in the GRUB2 bootloader, researchers are warning.\n\nGRUB2 (which stands for the GRand Unified Bootloader version 2) is the default bootloader for the majority of computing systems. Its job is to manage part of the start-up process \u2013 it either presents a menu and awaits user input, or automatically transfers control to an operating system kernel.\n\nSecure Boot is an industry standard that ensures that a device boots using only trusted software. When a computer starts, the firmware checks the signatures of UEFI firmware drivers, EFI applications and the operating system. If the signatures are valid, the computer boots, and the firmware gives control to the operating system. 
According to Eclypsium researchers, the bug tracked as CVE-2020-10713 could allow attackers to get around these protections and execute arbitrary code during the boot-up process, even when Secure Boot is enabled and properly performing signature verification.\n\nDubbed BootHole by Eclypsium because it opens up a hole in the boot process, the new bug is a buffer overflow vulnerability in the way that GRUB2 parses content from the GRUB2 config file (grub.cfg), according to Eclypsium.\n\n\u201cThe GRUB2 config file is a text file and typically is not signed like other files and executables,\u201d researchers wrote in the [firm\u2019s analysis](<https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>), released on Wednesday. As a result, Secure Boot doesn\u2019t check it. Thus, an attacker could modify the contents of the GRUB2 configuration file to include attack code. And further, that file is loaded before the operating system is loaded, so the attack code runs first.\n\n\u201cIn this way, attackers gain persistence on the device,\u201d explained researchers.\n\nOn the technical front, Red Hat noted that the grub.cfg file is composed of several string tokens.\n\n\u201cThe configuration file is loaded and parsed at GRUB initialization right after the initial boot loader, called shim, has loaded it,\u201d the project said in [an advisory](<https://access.redhat.com/security/vulnerabilities/grub2bootloader>) issued on Wednesday. \u201cDuring the parser stage, the configuration values are copied to internal buffers stored in memory. Configuration tokens that are longer in length than the internal buffer size end up leading to a buffer overflow issue. An attacker may leverage this flaw to execute arbitrary code, further hijacking the machine\u2019s boot process and bypassing Secure Boot protection. 
Consequently, it is possible for unsigned binary code to be loaded, further jeopardizing the integrity of the system.\u201d\n\nOnce in, attackers have \u201cnear total control\u201d over a target machine: \u201cOrganizations should be monitoring their systems for threats and ransomware that use vulnerable bootloaders to infect or damage systems,\u201d according to the analysis.\n\nThe bug carries a high-severity CVSS rating of 8.2 (Red Hat deems it \u201cmoderate\u201d in severity, and Microsoft [characterizes it as \u201cimportant\u201d](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011>)). BootHole likely avoided a critical rating because in order to exploit it, an attacker would need to first gain administrative privileges.\n\n\u201cAn attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access,\u201d according to Red Hat.\n\nThe bad news is that GRUB2 is nearly ubiquitous across the computing landscape.\n\n\u201cThe vulnerability is in the GRUB2 bootloader utilized by most Linux systems,\u201d the researchers said. \u201cThe problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority.\u201d\n\nThey added that the majority of computers (laptops, desktops, servers and workstations) are vulnerable, and that the vulnerability also affects network appliances, proprietary gear specific to healthcare, financial and other verticals, internet-of-things (IoT) devices, and operational technology (OT) and SCADA equipment in industrial environments. 
In all, billions of devices are susceptible.\n\nWorse, no simple patch or firmware update can fix the issue, according to Eclypsium.\n\n\u201cMitigation is complex and can be risky and will require the specific vulnerable program to be signed and deployed, and vulnerable programs should be revoked to prevent adversaries from using older, vulnerable versions in an attack,\u201d the researchers said. \u201cThe three-stage mitigation process will likely take years for organizations to complete patching.\u201d\n\nOn the supplier side, the fix will require the release of new installers and bootloaders for all versions of Linux, as well as new versions of vendors\u2019 \u201cshims\u201d (the aforementioned first-stage boot loaders) to be signed by the Microsoft Third-Party UEFI certificate authority, Eclypsium warned. Also, hardware-makers that provision their own keys into their hardware at the factory level (which sign GRUB2 directly) will need to provide updates, and revoke their own vulnerable versions of GRUB2.\n\n\u201cIt is important to note that until all affected versions are added to the [Secure Boot revocation list, a.k.a. dbx], an attacker would be able to use a vulnerable version of shim and GRUB2 to attack the system,\u201d researchers explained. 
\u201cThis means that every device that trusts the Microsoft 3rd Party UEFI CA will be vulnerable for that period of time.\u201d\n\nEclypsium has coordinated responsible disclosure of BootHole with a raft of affected vendors and Linux distros, including Microsoft, the UEFI Security Response Team (USRT), Oracle, Red Hat (Fedora and RHEL), Canonical (Ubuntu), SuSE (SLES and openSUSE), Debian, Citrix, VMware, and various OEMs and software vendors, several of which have issued [their own advisories](<https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/>).\n\nMicrosoft will be releasing a set of signed dbx updates, which can be applied to systems to block shims that can be used to load the vulnerable versions of GRUB2, according to Eclypsium.\n\n\u201cDue to the risk of bricking systems or otherwise breaking operational or recovery workflows, these dbx updates will initially be made available for interested parties to manually apply to their systems rather than pushing the revocation entries and applying them automatically,\u201d the firm noted. \u201cOrganizations should additionally ensure they have appropriate capabilities for monitoring UEFI bootloaders and firmware and verifying UEFI configurations, including revocation lists, in their systems.\u201d\n\nOrganizations should also test device-recovery capabilities, including the \u201creset to factory defaults\u201d functionality, so they can recover a device if it is negatively impacted by an update.\n", 
"modified": "2020-07-29T19:53:23", "published": "2020-07-29T19:53:23", "id": "THREATPOST:D2BB5A9DDB021A7E256A4E0D8A6BDA55", "href": "https://threatpost.com/billions-of-devices-impacted-secure-boot-bypass/157843/", "type": "threatpost", "title": "Billions of Devices Impacted by Secure Boot Bypass", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-07-30T03:34:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19527", "CVE-2020-10713", "CVE-2020-12654", "CVE-2020-12653", "CVE-2020-10757"], "description": "**CentOS Errata and Security Advisory** CESA-2020:3220\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)\n\n* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)\n\n* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)\n\n* kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* RHEL7.7 - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (BZ#1830889)\n\n* [DELL EMC 7.8 BUG bnxt_en] Error messages related to hwrm observed for BCM 57504 under dmesg in RHEL 7.8 (BZ#1834190)\n\n* kernel: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837429)\n\n* RHEL7.7 - Request: retrofit kernel commit f82b4b6 to RHEL 7.7/7.8 3.10 kernels. 
(BZ#1838602)\n\n* kipmi thread high CPU consumption when performing BMC firmware upgrade (BZ#1841825)\n\n* RHEL7.7 - virtio-blk: fix hw_queue stopped on arbitrary error (kvm) (BZ#1842994)\n\n* rhel 7 infinite blocked waiting on inode_dio_wait in nfs (BZ#1845520)\n\n* http request is taking more time for endpoint running on different host via nodeport service (BZ#1847333)\n\n* ext4: change LRU to round-robin in extent status tree shrinker (BZ#1847343)\n\n* libaio is returning duplicate events (BZ#1850055)\n\n* After upgrade to 3.9.89 pod containers with CPU limits fail to start due to cgroup error (BZ#1850500)\n\n* Fix dpdk regression introduced by bz1837297 (BZ#1852245)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-July/035780.html\n\n**Affected packages:**\nbpftool\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-07-30T00:08:16", "published": "2020-07-30T00:08:16", "id": "CESA-2020:3220", "href": "http://lists.centos.org/pipermail/centos-announce/2020-July/035780.html", "title": "bpftool, kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-08T13:37:55", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15706", "CVE-2020-14309", "CVE-2020-15707", "CVE-2020-14310", "CVE-2020-10713", "CVE-2020-15705", "CVE-2020-14311", "CVE-2020-14308"], "description": "**CentOS Errata and Security Advisory** CESA-2020:3217\n\n\nThe grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. 
The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nThe fwupdate packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)\n\n* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n* grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* grub2 doesn't handle relative paths correctly for UEFI HTTP Boot (BZ#1616395)\n\n* UEFI HTTP boot over IPv6 does not work (BZ#1732765)\n\nUsers of grub2 are advised to upgrade to these updated packages, which fix these bugs.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-July/035781.html\nhttp://lists.centos.org/pipermail/centos-announce/2020-July/035783.html\nhttp://lists.centos.org/pipermail/centos-announce/2020-July/035784.html\n\n**Affected 
packages:**\ngrub2\ngrub2-common\ngrub2-efi-ia32\ngrub2-efi-ia32-cdboot\ngrub2-efi-ia32-modules\ngrub2-efi-x64\ngrub2-efi-x64-cdboot\ngrub2-efi-x64-modules\ngrub2-i386-modules\ngrub2-pc\ngrub2-pc-modules\ngrub2-tools\ngrub2-tools-extra\ngrub2-tools-minimal\nmokutil\nshim\nshim-ia32\nshim-signed\nshim-unsigned-ia32\nshim-unsigned-x64\nshim-x64\n\n**Upstream details at:**\n", "edition": 3, "modified": "2020-07-30T00:10:07", "published": "2020-07-30T00:08:50", "id": "CESA-2020:3217", "href": "http://lists.centos.org/pipermail/centos-announce/2020-July/035781.html", "title": "grub2, mokutil, shim security update", "type": "centos", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2020-08-08T19:34:00", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15706", "CVE-2020-14309", "CVE-2020-15707", "CVE-2020-14310", "CVE-2020-10713", "CVE-2020-14311", "CVE-2020-14308"], "description": "This update for grub2 fixes the following issues:\n\n - Fix for CVE-2020-10713 (bsc#1168994)\n - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311\n (bsc#1173812)\n - Fix for CVE-2020-15706 (bsc#1174463)\n - Fix for CVE-2020-15707 (bsc#1174570)\n\n - Use overflow checking primitives where the arithmetic expression for\n buffer allocations may include unvalidated data\n - Use grub_calloc for overflow check and return NULL when it would occur\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n", "edition": 1, "modified": "2020-08-08T18:16:08", "published": "2020-08-08T18:16:08", "id": "OPENSUSE-SU-2020:1169-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html", "title": "Security update for grub2 (important)", "type": "suse", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-08T19:34:00", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15706", "CVE-2020-14309", "CVE-2020-15707", "CVE-2020-14310", "CVE-2020-10713", "CVE-2020-14311", "CVE-2020-14308"], "description": "This update 
for grub2 fixes the following issues:\n\n - CVE-2020-10713 (bsc#1168994)\n - CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311\n (bsc#1173812)\n - CVE-2020-15706 (bsc#1174463)\n - CVE-2020-15707 (bsc#1174570)\n\n - Use overflow checking primitives where the arithmetic expression for\n buffer allocations may include unvalidated data\n - Use grub_calloc for overflow check and return NULL when it would occur\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-08-08T18:14:14", "published": "2020-08-08T18:14:14", "id": "OPENSUSE-SU-2020:1168-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html", "title": "Security update for grub2 (important)", "type": "suse", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-02-22T01:17:34", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15706", "CVE-2020-14309", "CVE-2020-15707", "CVE-2020-14310", "CVE-2020-10713", "CVE-2020-14311", "CVE-2020-14308"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4735-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nJuly 29, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : grub2\nCVE ID : CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310\n CVE-2020-14311 CVE-2020-15706 CVE-2020-15707\n\nSeveral vulnerabilities have been discovered in the GRUB2 bootloader.\n\nCVE-2020-10713\n\n A flaw in the grub.cfg parsing code was found allowing to break\n UEFI Secure Boot and load arbitrary code. 
Details can be found at\n https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/\n\nCVE-2020-14308\n\n It was discovered that grub_malloc does not validate the allocation\n size allowing for arithmetic overflow and subsequently a heap-based\n buffer overflow.\n\nCVE-2020-14309\n\n An integer overflow in grub_squash_read_symlink may lead to a heap-\n based buffer overflow.\n\nCVE-2020-14310\n\n An integer overflow in read_section_from_string may lead to a heap-\n based buffer overflow.\n\nCVE-2020-14311\n\n An integer overflow in grub_ext2_read_link may lead to a heap-based\n buffer overflow.\n\nCVE-2020-15706\n\n script: Avoid a use-after-free when redefining a function during\n execution.\n\nCVE-2020-15707\n\n An integer overflow flaw was found in the initrd size handling.\n\nFurther detailed information can be found at\nhttps://www.debian.org/security/2020-GRUB-UEFI-SecureBoot\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.02+dfsg1-20+deb10u1.\n\nWe recommend that you upgrade your grub2 packages.\n\nFor the detailed security status of grub2 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/grub2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2020-07-29T17:00:56", "published": "2020-07-29T17:00:56", "id": "DEBIAN:DSA-4735-1:A9183", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00141.html", "title": "[SECURITY] [DSA 4735-1] grub2 security update", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-08-08T13:59:21", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15706", "CVE-2020-14309", "CVE-2020-15707", "CVE-2020-14310", "CVE-2020-10713", 
"CVE-2020-15705", "CVE-2020-14311", "CVE-2020-14308"], "description": "Jesse Michael and Mickey Shkatov discovered that the configuration parser \nin GRUB2 did not properly exit when errors were discovered, resulting in \nheap-based buffer overflows. A local attacker could use this to execute \narbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713)\n\nChris Coulson discovered that the GRUB2 function handling code did not \nproperly handle a function being redefined, leading to a use-after-free \nvulnerability. A local attacker could use this to execute arbitrary code \nand bypass UEFI Secure Boot restrictions. (CVE-2020-15706)\n\nChris Coulson discovered that multiple integer overflows existed in GRUB2 \nwhen handling certain filesystems or font files, leading to heap-based \nbuffer overflows. A local attacker could use these to execute arbitrary \ncode and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, \nCVE-2020-14310, CVE-2020-14311)\n\nIt was discovered that the memory allocator for GRUB2 did not validate \nallocation size, resulting in multiple integer overflows and heap-based \nbuffer overflows when handling certain filesystems, PNG images or disk \nmetadata. A local attacker could use this to execute arbitrary code and \nbypass UEFI Secure Boot restrictions. (CVE-2020-14308)\n\nMathieu Trudel-Lapierre discovered that in certain situations, GRUB2 \nfailed to validate kernel signatures. A local attacker could use this \nto bypass Secure Boot restrictions. (CVE-2020-15705)\n\nColin Watson and Chris Coulson discovered that an integer overflow \nexisted in GRUB2 when handling the initrd command, leading to a heap-based \nbuffer overflow. A local attacker could use this to execute arbitrary code \nand bypass UEFI Secure Boot restrictions. 
(CVE-2020-15707)", "edition": 3, "modified": "2020-07-29T00:00:00", "published": "2020-07-29T00:00:00", "id": "USN-4432-1", "href": "https://ubuntu.com/security/notices/USN-4432-1", "title": "GRUB 2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-08T13:59:22", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15706", "CVE-2020-14309", "CVE-2020-15707", "CVE-2020-14310", "CVE-2020-10713", "CVE-2020-15705", "CVE-2020-14311", "CVE-2020-14308"], "description": "USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot \nenvironments. Unfortunately, the update introduced regressions for \nsome BIOS systems (either pre-UEFI or UEFI configured in Legacy mode), \npreventing them from successfully booting. This update addresses \nthe issue.\n\nUsers with BIOS systems that installed GRUB2 versions from USN-4432-1 \nshould verify that their GRUB2 installation has a correct understanding \nof their boot device location and installed the boot loader correctly.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJesse Michael and Mickey Shkatov discovered that the configuration parser \nin GRUB2 did not properly exit when errors were discovered, resulting in \nheap-based buffer overflows. A local attacker could use this to execute \narbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713)\n\nChris Coulson discovered that the GRUB2 function handling code did not \nproperly handle a function being redefined, leading to a use-after-free \nvulnerability. A local attacker could use this to execute arbitrary code \nand bypass UEFI Secure Boot restrictions. (CVE-2020-15706)\n\nChris Coulson discovered that multiple integer overflows existed in GRUB2 \nwhen handling certain filesystems or font files, leading to heap-based \nbuffer overflows. A local attacker could use these to execute arbitrary \ncode and bypass UEFI Secure Boot restrictions. 
(CVE-2020-14309, \nCVE-2020-14310, CVE-2020-14311)\n\nIt was discovered that the memory allocator for GRUB2 did not validate \nallocation size, resulting in multiple integer overflows and heap-based \nbuffer overflows when handling certain filesystems, PNG images or disk \nmetadata. A local attacker could use this to execute arbitrary code and \nbypass UEFI Secure Boot restrictions. (CVE-2020-14308)\n\nMathieu Trudel-Lapierre discovered that in certain situations, GRUB2 \nfailed to validate kernel signatures. A local attacker could use this \nto bypass Secure Boot restrictions. (CVE-2020-15705)\n\nColin Watson and Chris Coulson discovered that an integer overflow \nexisted in GRUB2 when handling the initrd command, leading to a heap-based \nbuffer overflow. A local attacker could use this to execute arbitrary code \nand bypass UEFI Secure Boot restrictions. (CVE-2020-15707)", "edition": 3, "modified": "2020-08-04T00:00:00", "published": "2020-08-04T00:00:00", "id": "USN-4432-2", "href": "https://ubuntu.com/security/notices/USN-4432-2", "title": "GRUB2 regression", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "description": " The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices. 
", "modified": "2020-09-14T13:26:52", "published": "2020-09-14T13:26:52", "id": "FEDORA:574BC3099D0A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: grub2-2.04-22.fc32", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "description": " The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices. ", "modified": "2020-09-27T01:05:37", "published": "2020-09-27T01:05:37", "id": "FEDORA:1FF6B30C5606", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: grub2-2.02-110.fc31", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2020-08-08T13:48:54", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-15706", "CVE-2020-14309", "CVE-2020-15707", "CVE-2020-14310", "CVE-2020-10713", "CVE-2020-15705", "CVE-2020-14311", "CVE-2020-14308"], "description": "# Executive Summary\n\nMicrosoft is aware of a vulnerability in the GRand Unified Boot Loader (GRUB), commonly used by Linux. This vulnerability, known as \u201cThere\u2019s a Hole in the Boot\u201d, could allow for Secure Boot bypass.\n\nTo exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA). The attacker could install an affected GRUB and run arbitrary boot code on the target device. 
After successfully exploiting this vulnerability, the attacker could disable further code integrity checks thereby allowing arbitrary executables and drivers to be loaded onto the target device.\n\nMicrosoft is working to complete validation and compatibility testing of a required Windows Update that addresses this vulnerability. If you are an IT professional and would like to immediately address this vulnerability, please see the mitigation option on installing an un-tested update. When the Windows updates become available, customers will be notified via revision to this advisory. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See [Microsoft Technical Security Notifications](<https://technet.microsoft.com/en-us/security/dd252948>).\n\nThis vulnerability is detectable via [TPM attestation](<https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation>) and [Defender ATP](<https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection>).\n\nCVEs released for this issue: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707.\n\n## Background Information\n\nIn 2012, Microsoft introduced the Secure Boot feature into the then-new, UEFI-based PC ecosystem. UEFI Secure Boot is an anti-rootkit feature that defends the boot process from untrusted code execution. As part of enabling this feature, Microsoft signs boot code both for Windows and 3rd-parties including Linux distributions. 
This boot code allows Linux systems to take advantage of Secure Boot.\n\nThe GRUB vulnerability provides a way to bypass the UEFI Secure Boot security feature for any system that trusts the Microsoft 3rd-party UEFI signer, which includes many PCs.\n\n# Mitigations\n\nSee the **Mitigations** section following the Security Updates table.\n\n# Recommended Actions\n\nMicrosoft recommends that enterprise customers review this advisory in detail and register for the security notifications mailer to be alerted of content changes to this advisory. See [Microsoft Technical Security Notifications](<https://technet.microsoft.com/en-us/security/dd252948>).\n\n# References\n\n * [Microsoft guidance for applying Secure Boot DBX update](<https://support.microsoft.com/help/4575994>)\n * [How insights from system attestation can improve enterprise security](<https://techcommunity.microsoft.com/t5/microsoft-defender-atp/how-insights-from-system-attestation-and-advanced-hunting-can/ba-p/969252>)\n * Blog: [There's a Hole in the Boot](<https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>)\n * UEFI Forum: <https://uefi.org/revocationlistfile>\n * Canonical: <https://ubuntu.com/security/notices/USN-4432-1>\n * Debian: <https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot>\n * HPE: [www.hpe.com/info/security-alerts](<https://www.hpe.com/info/security-alerts>)\n * Red Hat: <https://access.redhat.com/security/vulnerabilities/grub2bootloader>\n * SUSE: <https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/>\n * VMware: <https://kb.vmware.com/s/article/80181>\n * [CVE-2020-10713](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713>)\n * [CVE-2020-14308](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308>)\n * [CVE-2020-14309](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309>)\n * [CVE-2020-14310](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310>)\n * 
[CVE-2020-14311](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311>)\n * [CVE-2020-15705](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15705>)\n * [CVE-2020-15706](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706>)\n * [CVE-2020-15707](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707>)\n\nMicrosoft has identified the following mitigations. Please be advised that these mitigations are not compatible with all software on all devices, so please ensure that your system is compatible before taking any action.\n\n**Reconfigure Secure Boot**\n\n * Microsoft Surface provides the capability to configure Secure Boot with or without trust in 3rd-party UEFI CA. Surface customers who do not require the 3rd-party UEFI CA can configure Secure Boot as 'Microsoft only' as a mitigation to this issue. For more information see [Manage Surface UEFI settings](<https://docs.microsoft.com/en-us/surface/manage-surface-uefi-settings>).\n\n**WARNING** Modification of UEFI Secure Boot configuration can trigger BitLocker Recovery and failures in other security software. Be sure to suspend BitLocker and have your BitLocker Recovery Key available if you are performing this operation.\n\n * Other OEMs may provide a similar reconfiguration option. Contact your OEM for more information.\n\n**Manually install untested DBX update**\n\nWorking with the Linux community, Microsoft has released an untested update to address this vulnerability. This optional DBX update has received limited testing and is intended for IT professionals and enthusiasts. The update is hosted by the UEFI Forum at: <https://uefi.org/revocationlistfile>.\n\nPlease see the **References** section of this advisory for guidance on installing this update.\n\n**WARNING** Installation of this patch on incompatible systems could result in runtime error, system hang, or even unrecoverable failure to boot. 
Please check with your OEM to determine if your equipment is compatible.\n", "edition": 4, "modified": "2020-07-29T07:00:00", "id": "MS:ADV200011", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011", "published": "2020-07-29T07:00:00", "title": "Microsoft Guidance for Addressing Security Feature Bypass in GRUB", "type": "mscve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}