QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2020-14372

Back to search

CVE-2020-14372

Published: Mar 3, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.

VendorProductVersions

n/a

grub2

affected
grub 2.06

Weaknesses (CWE)

CWE-184

References

FEDORA-2021-cab258a413
vendor-advisory
x_refsource_FEDORA
GLSA-202104-05
vendor-advisory
x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now