{"containers":{"cna":{"affected":[{"product":"grub2 in Ubuntu","vendor":"Ubuntu","versions":[{"lessThan":"2.04-1ubuntu26.1","status":"affected","version":"20.04 LTS","versionType":"custom"},{"lessThan":"2.02-2ubuntu8.16","status":"affected","version":"18.04 LTS","versionType":"custom"},{"lessThan":"2.02~beta2-36ubuntu3.26","status":"affected","version":"16.04 LTS","versionType":"custom"},{"lessThan":"2.02~beta2-9ubuntu1.20","status":"affected","version":"14.04 ESM","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Chris Coulson"}],"datePublic":"2020-07-29T00:00:00.000Z","descriptions":[{"lang":"en","value":"GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.4,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-362","description":"CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-05-01T01:08:01.000Z","orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"},{"tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"},{"tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://ubuntu.com/security/notices/USN-4432-1"},{"tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"},{"tags":["x_refsource_CONFIRM"],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/vulnerabilities/grub2bootloader"},{"tags":["vendor-advisory","x_refsource_SUSE"],"url":"https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"},{"tags":["vendor-advisory","x_refsource_SUSE"],"url":"https://www.suse.com/support/kb/doc/?id=000019673"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.openwall.com/lists/oss-security/2020/07/29/3"},{"tags":["x_refsource_CONFIRM"],"url":"https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"},{"name":"DSA-4735","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2020/dsa-4735"},{"name":"[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2020/07/29/3"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20200731-0008/"},{"name":"USN-4432-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/4432-1/"},{"name":"openSUSE-SU-2020:1169","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"},{"name":"openSUSE-SU-2020:1168","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"},{"name":"GLSA-202104-05","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/202104-05"}],"source":{"advisory":"USN 4432-1","discovery":"INTERNAL"},"title":"GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@ubuntu.com","DATE_PUBLIC":"2020-07-29T17:00:00.000Z","ID":"CVE-2020-15706","STATE":"PUBLIC","TITLE":"GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing."},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"grub2 in Ubuntu","version":{"version_data":[{"version_affected":"<","version_name":"20.04 LTS","version_value":"2.04-1ubuntu26.1"},{"version_affected":"<","version_name":"18.04 LTS","version_value":"2.02-2ubuntu8.16"},{"version_affected":"<","version_name":"16.04 LTS","version_value":"2.02~beta2-36ubuntu3.26"},{"version_affected":"<","version_name":"14.04 ESM","version_value":"2.02~beta2-9ubuntu1.20"}]}}]},"vendor_name":"Ubuntu"}]}},"credit":[{"lang":"eng","value":"Chris Coulson"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.4,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"}]}]},"references":{"reference_data":[{"name":"https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/","refsource":"CONFIRM","url":"https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"},{"name":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass","refsource":"UBUNTU","url":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"},{"name":"http://ubuntu.com/security/notices/USN-4432-1","refsource":"UBUNTU","url":"http://ubuntu.com/security/notices/USN-4432-1"},{"name":"https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot","refsource":"DEBIAN","url":"https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"},{"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011","refsource":"CONFIRM","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"},{"name":"https://access.redhat.com/security/vulnerabilities/grub2bootloader","refsource":"REDHAT","url":"https://access.redhat.com/security/vulnerabilities/grub2bootloader"},{"name":"https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/","refsource":"SUSE","url":"https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"},{"name":"https://www.suse.com/support/kb/doc/?id=000019673","refsource":"SUSE","url":"https://www.suse.com/support/kb/doc/?id=000019673"},{"name":"https://www.openwall.com/lists/oss-security/2020/07/29/3","refsource":"CONFIRM","url":"https://www.openwall.com/lists/oss-security/2020/07/29/3"},{"name":"https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html","refsource":"CONFIRM","url":"https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"},{"name":"DSA-4735","refsource":"DEBIAN","url":"https://www.debian.org/security/2020/dsa-4735"},{"name":"[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2020/07/29/3"},{"name":"https://security.netapp.com/advisory/ntap-20200731-0008/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20200731-0008/"},{"name":"USN-4432-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/4432-1/"},{"name":"openSUSE-SU-2020:1169","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"},{"name":"openSUSE-SU-2020:1168","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"},{"name":"GLSA-202104-05","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/202104-05"}]},"source":{"advisory":"USN 4432-1","discovery":"INTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T13:22:30.808Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"},{"tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"},{"tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://ubuntu.com/security/notices/USN-4432-1"},{"tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"},{"tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/security/vulnerabilities/grub2bootloader"},{"tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"},{"tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"https://www.suse.com/support/kb/doc/?id=000019673"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.openwall.com/lists/oss-security/2020/07/29/3"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"},{"name":"DSA-4735","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2020/dsa-4735"},{"name":"[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2020/07/29/3"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20200731-0008/"},{"name":"USN-4432-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/4432-1/"},{"name":"openSUSE-SU-2020:1169","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"},{"name":"openSUSE-SU-2020:1168","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"},{"name":"GLSA-202104-05","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/202104-05"}]}]},"cveMetadata":{"assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","assignerShortName":"canonical","cveId":"CVE-2020-15706","datePublished":"2020-07-29T17:45:33.975Z","dateReserved":"2020-07-14T00:00:00.000Z","dateUpdated":"2024-09-16T22:20:56.598Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}