CVE-2020-14372: A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows…

high7.5CVSS 3.1

AVLACHPRHUINSCCHIHAH

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	grub2	< grub2 2.04-16 (bookworm)	grub2 2.04-16 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
gnu	grub2	< 2.06	2.06
gnu	grub2	—	—
gnu	grub2	>= 0 < 2.04-16	2.04-16
gnu	grub2	>= 0 < 2.04-16	2.04-16
gnu	grub2	>= 0 < 2.04-16	2.04-16
gnu	grub2	>= 0 < 2.04-16	2.04-16
msrc	cbl2_grub2_2.06rc1-7_on_cbl_mariner_2.0	—	—
msrc	cm1_grub2_2.06rc1-4_on_cbl_mariner_1.0	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

osv7.5HIGH