Description
A flaw was found in grub2, prior to version 2.06. An attacker may use the
GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw
also allows the bypass of Secure Boot protections. In order to load an
untrusted or modified kernel, an attacker would first need to establish
access to the system such as gaining physical access, obtain the ability to
alter a pxe-boot network, or have remote access to a networked system with
root access. With this access, an attacker could then craft a string to
cause a buffer overflow by injecting a malicious payload that leads to
arbitrary code execution within GRUB. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system
availability.
Ubuntu-Description
Jesse Michael and Mickey Shkatov discovered that the configuration
parser in GRUB2 did not properly exit when errors were discovered,
resulting in heap-based buffer overflows. A local attacker could
use this to execute arbitrary code and bypass UEFI Secure Boot
restrictions.
Notes
amurray | grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low |
Updated: 2020-10-24 07:01:11 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)