Vulnerability Details: CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2020-15707
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:11:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
Threat overview for CVE-2020-15707
Top open port discovered on systems with this issue: 53
IPs affected by CVE-2020-15707: 694,341
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2020-15707
- 0.14%: probability of exploitation activity in the next 30 days
- ~50%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2020-15707
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P | 3.4 | 6.4 | NIST | |
6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 | NIST | |
5.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H | 0.5 | 5.2 | Canonical Ltd. | |
CWE ids for CVE-2020-15707
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. Assigned by: nvd@nist.gov (Primary)
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. Assigned by:
  - nvd@nist.gov (Primary)
  - security@ubuntu.com (Secondary)
References for CVE-2020-15707
- https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot
  Debian -- GRUB2 UEFI SecureBoot vulnerability - 'BootHole' (Third Party Advisory)
- http://ubuntu.com/security/notices/USN-4432-1
  USN-4432-1: GRUB 2 vulnerabilities | Ubuntu security notices | Ubuntu (Third Party Advisory)
- https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
  SUSE addresses BootHole security exposure - SUSE Communities (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2020/07/29/3
  oss-security - multiple secure boot grub2 and linux kernel vulnerabilities (Mailing List; Third Party Advisory)
- https://www.debian.org/security/2020/dsa-4735
  Debian -- Security Information -- DSA-4735-1 grub2 (Third Party Advisory)
- https://access.redhat.com/security/vulnerabilities/grub2bootloader
  Boot Hole Vulnerability - GRUB 2 boot loader - CVE-2020-10713 - Red Hat Customer Portal (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
  [security-announce] openSUSE-SU-2020:1168-1: important: Security update (Mailing List; Third Party Advisory)
- https://security.gentoo.org/glsa/202104-05
  GRUB: Multiple vulnerabilities (GLSA 202104-05) — Gentoo security (Third Party Advisory)
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
  SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass - Ubuntu Wiki (Third Party Advisory)
- https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
  [SECURITY PATCH 00/28] Multiple GRUB2 vulnerabilities - BootHole (Issue Tracking; Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20200731-0008/
  July 2020 Grub2 Vulnerabilities in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://www.suse.com/support/kb/doc/?id=000019673
  Security Vulnerability: "Boothole" grub2 UEFI secure boot lockdown bypass | Support | SUSE (Third Party Advisory)
- https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
  There’s a Hole in the Boot - Eclypsium (Exploit; Third Party Advisory)
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
  ADV200011 | Microsoft Guidance for Addressing Security Feature Bypass in GRUB (Patch; Third Party Advisory; Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
  [security-announce] openSUSE-SU-2020:1169-1: important: Security update (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/4432-1/
  USN-4432-1: GRUB 2 vulnerabilities | Ubuntu security notices | Ubuntu (Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2020/07/29/3
  oss-security - multiple secure boot grub2 and linux kernel vulnerabilities (Mailing List; Third Party Advisory)