CVE-2020-15705 MEDIUM

CVE-2020-15705: GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim

Vendor Ubuntu
Product grub2 in Ubuntu
Weakness CWE-347
Published July 29, 2020
Last update September 17, 2024

CVSS base score

6.4/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Key dates

02Disclosure timeline

July 29, 2020 CVE published
September 17, 2024 Record updated