CVE-2020-15706

Priority
Description
GRUB2 contains a race condition in grub_script_function_create() leading to
a use-after-free vulnerability which can be triggered by redefining a
function whilst the same function is already executing, leading to
arbitrary code execution and secure boot restriction bypass. This issue
affects GRUB2 version 2.04 and prior versions.
Ubuntu-Description
Chris Coulson discovered that the GRUB2 function handling code did not
properly handle a function being redefined, leading to a use-after-free
vulnerability. A local attacker could use this to execute arbitrary code
and bypass UEFI Secure Boot restrictions.
References
Notes
amurraygrub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low
sbeattie809f3a268 script: Avoid a use-after-free when redefining a function during execution
Package
Source: grub2 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):released (2.02~beta2-9ubuntu1.20)
Ubuntu 16.06 ESM (Xenial Xerus):released (2.02~beta2-36ubuntu3.26)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.02-2ubuntu8.16)
Ubuntu 20.04 LTS (Focal Fossa):released (2.04-1ubuntu26.1)
Ubuntu 21.04 (Hirsute Hippo):not-affected (2.04-1ubuntu26.1)
Ubuntu 21.10 (Impish Indri):not-affected (2.04-1ubuntu26.1)
Patches:
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):released (1.34.22)
Ubuntu 16.06 ESM (Xenial Xerus):released (1.66.26)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.93.18)
Ubuntu 20.04 LTS (Focal Fossa):released (1.142.3)
Ubuntu 21.04 (Hirsute Hippo):not-affected (1.147)
Ubuntu 21.10 (Impish Indri):not-affected (1.147)
Patches:
More Information

Updated: 2021-09-23 19:41:50 UTC (commit 3a71382848a53fcadb5f85bc8acde88c292f02e7)