CVE-2020-15706 — Race Condition in Grub2 IN Ubuntu
Severity
6.4MEDIUMNVD
EPSS
0.1%
top 83.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 29
Latest updateMay 24
Description
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9
Affected Packages7 packages
Also affects: Debian Linux 10.0, Ubuntu Linux 14.04, 16.04, 18.04, 20.04, Enterprise Linux 7.0, 8.0, Openshift Container Platform 4.0
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-gmqm-wgp3-r69q: GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a func↗2022-05-24
CVEList▶
GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.↗2020-07-29
OSV▶
CVE-2020-15706: GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a func↗2020-07-29
📋Vendor Advisories
4Red Hat▶
grub2: Use-after-free redefining a function whilst the same function is already executing↗2020-07-29
Microsoft▶
GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.↗2020-07-14
Debian▶
CVE-2020-15706: grub2 - GRUB2 contains a race condition in grub_script_function_create() leading to a us...↗2020