Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
BlueTeam CheatSheet * BootHole * | Last updated: 2020-08-13 1957 UTC

CVE-2020-10713 AKA BootHole

  • Logo
  • Cool Name : BootHole

General

  • GRUB2 -> GRand Unified Bootloader version 2 -Don't hurry up on the patches, RedHat have some bug within and also test before production. -It's a cool vuln, cool name, cool logo, but take your time to test the patches, boot isn't something you patching every month, take care !
  • TBD

CVE

CVE Number Impacted Component Description CVSS Score Detailled CVSS:3.1
CVE-2020-10713 GRUB2 crafted grub.cfg file can lead to arbitrary code execution during boot process 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2020-14308 GRUB2 grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2020-14309 GRUB2 Integer overflow in grub_squash_read_symlink may lead to heap based overflow 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
CVE-2020-14310 GRUB2 Integer overflow read_section_from_string may lead to heap based overflow 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
CVE-2020-14311 GRUB2 Integer overflow in grub_ext2_read_link leads to heap based buffer overflow 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
CVE-2020-15705 GRUB2 Avoid loading unsigned kernels when grub is booted directly under secure boot without shim 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2020-15706 GRUB2 Script Avoid a use-after-free when redefining a function during execution 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2020-15707 GRUB2 nteger overflow in initrd size handling 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Sources:

ECLYSPSIUM (Primary Source)

ARCHLINUX

CENTOS

CERT/CC

CHECKPOINT

CISCO

DEBIAN

DELL

F5 Networks

HP

HPE

HUAWEI

LENOVO

MAGEIA

MICROSOFT

NETAPP

ORACLE

Paloalto Networks [PAN]

QUALYS

REDHAT

SUSE

TENABLE

UBUNTU

UEFI FORUM

UPSTREAM GRUB2 PROJECT

VMWARE

Errors, typos, something to say ?

  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
@noahbliss

This comment has been minimized.

Copy link

@noahbliss noahbliss commented Aug 13, 2020

Shameless self-plug, but https://github.com/noahbliss/mortar mitigates the boothole vulnerability and forms a framework for unified boot security through coordination of LUKS, secureboot, TPM modules, and UEFI. Comments, criticism, PRs, and other input welcome!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.