Improper Verification of Cryptographic Signature in grub - CVE-2020-15705

 

Improper Verification of Cryptographic Signature in grub - CVE-2020-15705

Published: July 30, 2020


Vulnerability identifier: #VU32927
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-15705
CWE-ID: CWE-347
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: GNU
Affected software:
grub

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the affected software fails to validate kernel signature when booted directly without shim. An attacker with physical access can bypass secure boot.


How to mitigate CVE-2020-15705

Install updates from vendor's website.

Sources