OpenSUSE Linux update for grub2



Published: 2020-08-29
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2020-15705
CWE-ID CWE-347
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Opensuse
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU32927

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15705

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the affected software fails to validate kernel signature when booted directly without shim. An attacker with physical access can bypass secure boot.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.2

External links

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###