CVE-2020-15705

Priority
Description
GRUB2 fails to validate kernel signature when booted directly without shim,
allowing secure boot to be bypassed. This only affects systems where the
kernel signing certificate has been imported directly into the secure boot
database and the GRUB image is booted directly without the use of shim.
This issue affects GRUB2 version 2.04 and prior versions.
Ubuntu-Description
Mathieu Trudel-Lapierre discovered that in certain situations,
GRUB2 failed to validate kernel signatures. A local attacker could
use this to bypass Secure Boot restrictions.
Notes
amurraygrub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low
Package
Source: grub2 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):released (2.02~beta2-9ubuntu1.20)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.02~beta2-36ubuntu3.26)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.02-2ubuntu8.16)
Ubuntu 20.04 LTS (Focal Fossa):released (2.04-1ubuntu26.1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (2.04-1ubuntu26.1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (1.34.22)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.66.26)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.93.18)
Ubuntu 20.04 LTS (Focal Fossa):released (1.142.3)
Ubuntu 20.10 (Groovy Gorilla):not-affected (1.147)
More Information

Updated: 2020-08-05 04:14:36 UTC (commit 75ee2efd5b1f4456ca1263baf8c308c5218273da)