CVE-2020-15705 in Ubuntu

CVE-2020-15705

Priority

Description

GRUB2 fails to validate kernel signature when booted directly without shim,
allowing secure boot to be bypassed. This only affects systems where the
kernel signing certificate has been imported directly into the secure boot
database and the GRUB image is booted directly without the use of shim.
This issue affects GRUB2 version 2.04 and prior versions.

Ubuntu-Description

Mathieu Trudel-Lapierre discovered that in certain situations,
GRUB2 failed to validate kernel signatures. A local attacker could
use this to bypass Secure Boot restrictions.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15705
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
https://www.openwall.com/lists/oss-security/2020/07/29/3
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
https://ubuntu.com/security/notices/USN-4432-1

Bugs

https://launchpad.net/bugs/1801968

Notes

amurray

grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low

Package

Source: grub2 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (2.02-2ubuntu8.16)
Ubuntu 20.04 LTS:	released (2.04-1ubuntu26.1)
Ubuntu 16.04 ESM:	released (2.02~beta2-36ubuntu3.26)
Ubuntu 14.04 ESM:	released (2.02~beta2-9ubuntu1.20)

Patches:

Package

Source: grub2-signed (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (1.93.18)
Ubuntu 20.04 LTS:	released (1.142.3)
Ubuntu 16.04 ESM:	released (1.66.26)
Ubuntu 14.04 ESM:	released (1.34.22)

Patches:

More Information

Updated: 2022-04-13 14:11:22 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)