Linux Distros Unpatched Vulnerability : CVE-2020-15707

🗓️ 26 Aug 2025 00:00:00Reported by TenableType

Unpatched GRUB2 CVE-2020-15707: heap overflow enables code execution and Secure Boot bypass.

Reporter	Title	Published	Views	Family All 170
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities	26 Mar 202504:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to Using Components with Known Vulnerabilities	30 Oct 202016:18	–	ibm
Tenable Nessus	Alibaba Cloud Linux 3 : 0064: grub2 (ALINUX3-SA-2022:0064)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : grub2 (CESA-2020:3216)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 7 : grub2 (RHSA-2020:3217)	31 Jul 202000:00	–	nessus
Tenable Nessus	Debian DSA-4735-1 : grub2 - security update	30 Jul 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2020-1853)	28 Aug 202000:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.6.0 : grub2 (EulerOS-SA-2020-2000)	29 Sep 202000:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.9.1 : grub2 (EulerOS-SA-2021-1601)	10 Mar 202100:00	–	nessus
Tenable Nessus	GLSA-202104-05 : GRUB: Multiple vulnerabilities	3 May 202100:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2020-15707
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(255467);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/27");

  script_cve_id("CVE-2020-15707");
  script_xref(name:"CEA-ID", value:"CEA-2020-0061");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2020-15707");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux
    component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2
    upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number
    of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files
    on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot
    restrictions. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15707)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2020-15707");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-15707");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:grub2-unsigned");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "grub2-unsigned"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

27 Aug 2025 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 24.4

CVSS 3.15.7 - 6.4

EPSS0.00031