CVSS3: 6.4 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.7 Medium
Confidence: High

CVSS2: 4.4 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 21.5%

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

CPE
Name | Operator | Version
---|---|---
ubuntu_linux | eq | 16.04
ubuntu_linux | eq | 18.04
ubuntu_linux | eq | 14.04
ubuntu_linux | eq | 20.04
debian_linux | eq | 10.0
grub2 | le | 2.04
windows_10 | eq | 1607
windows_10 | eq | 1709
windows_10 | eq | 1803
windows_10 | eq | 1809

lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html
lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html
ubuntu.com/security/notices/USN-4432-1
www.openwall.com/lists/oss-security/2020/07/29/3
www.openwall.com/lists/oss-security/2021/03/02/3
www.openwall.com/lists/oss-security/2021/09/17/2
www.openwall.com/lists/oss-security/2021/09/17/4
www.openwall.com/lists/oss-security/2021/09/21/1
access.redhat.com/security/vulnerabilities/grub2bootloader
lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
security.gentoo.org/glsa/202104-05
security.netapp.com/advisory/ntap-20200731-0008/
usn.ubuntu.com/4432-1/
wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
www.debian.org/security/2020-GRUB-UEFI-SecureBoot
www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
www.suse.com/support/kb/doc/?id=000019673