Main Vulnerability Database SB2020082905

SB2020082905 - OpenSUSE Linux update for grub2

Published: August 29, 2020

Security Bulletin ID SB2020082905

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2020-15705)

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the affected software fails to validate kernel signature when booted directly without shim. An attacker with physical access can bypass secure boot.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html