QwikSec

Security Database

CVE

CWE

Training

CVE-2020-10713

Published: Jul 30, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vendor	Product	Versions
n/a	Grub	affected `All grub2 versions before 2.06`

References

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=1825243

x_refsource_MISC

third-party-advisory

x_refsource_CERT-VN

https://security.netapp.com/advisory/ntap-20200731-0008/

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

20200804 GRUB2 Arbitrary Code Execution Vulnerability

vendor-advisory

x_refsource_CISCO

openSUSE-SU-2020:1169

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:1168

vendor-advisory

x_refsource_SUSE

https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

x_refsource_MISC

https://kb.vmware.com/s/article/80181

x_refsource_MISC

https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713

x_refsource_MISC

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.