- Logo
- Cool Name : BootHole
- GRUB2 -> GRand Unified Bootloader version 2 -Don't hurry up on the patches, RedHat have some bug within and also test before production. -It's a cool vuln, cool name, cool logo, but take your time to test the patches, boot isn't something you patching every month, take care !
- TBD
| CVE Number | Impacted Component | Description | CVSS Score | Detailled CVSS:3.1 |
|---|---|---|---|---|
| CVE-2020-10713 | GRUB2 | crafted grub.cfg file can lead to arbitrary code execution during boot process | 8.2 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2020-14308 | GRUB2 | grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-14309 | GRUB2 | Integer overflow in grub_squash_read_symlink may lead to heap based overflow | 5.7 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2020-14310 | GRUB2 | Integer overflow read_section_from_string may lead to heap based overflow | 5.7 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2020-14311 | GRUB2 | Integer overflow in grub_ext2_read_link leads to heap based buffer overflow | 5.7 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2020-15705 | GRUB2 | Avoid loading unsigned kernels when grub is booted directly under secure boot without shim | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-15706 | GRUB2 Script | Avoid a use-after-free when redefining a function during execution | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2020-15707 | GRUB2 | nteger overflow in initrd size handling | 5.7 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H |
- GRUB2 UEFI SecureBoot vulnerability - 'BootHole'
- DSA-4735-1 grub2 -- security update
- CVE-2020-10713
- CVE-2020-14308
- CVE-2020-14309
- CVE-2020-14311
- CVE-2020-14310
- CVE-2020-15705
- CVE-2020-15706
- CVE-2020-15707
- Dell response to Grub2 vulnerabilities which may allow secure boot bypass
- Additional Information Regarding the “BootHole” (GRUB) Vulnerability
- UEFI Secure Boot Evasion Vulnerability aka BootHole Vulnerability (CVE-2020-10713)
- Hewlett Packard Enterprise Support Center
- ELSA-2020-3220 - kernel security and bug fix update
- ELSA-2020-5782 - grub2 security update
- ELSA-2020-5786 - grub2 security update
- ELSA-2020-5790 - grub2 security update
- CVE-2020-10713
- Impact of Vulnerability CVE-2020-10713 on Oracle Products (Doc ID 2694951.1)
- !!!PROBLEMS WITH THE UPDATE!!!
- !!!PROBLEMS WITH THE UPDATE!!!
- Boot Hole Vulnerability - GRUB 2 boot loader - CVE-2020-10713
- RedHat Diagnose Script
- RedHat ANSIBLE PlayBook
- RedHat Bugzilla
- RHSA-2020:3216 - Security Advisory
- RHSA-2020:3217 - Security Advisory
- RHSA-2020:3218 - Security Advisory
- RHSA-2020:3219 - Security Advisory
- RHSA-2020:3220 - Security Advisory
- RHSA-2020:3221 - Security Advisory
- RHSA-2020:3222 - Security Advisory
- RHSA-2020:3223 - Security Advisory
- RHSA-2020:3224 - Security Advisory
- RHSA-2020:3226 - Security Advisory
- RHSA-2020:3227 - Security Advisory
- RHSA-2020:3228 - Security Advisory
- RHSA-2020:3230 - Security Advisory
- RHSA-2020:3231 - Security Advisory
- RHSA-2020:3232 - Security Advisory
- RHSA-2020:3262 - Security Advisory
- RHSA-2020:3263 - Security Advisory
- RHSA-2020:3264 - Security Advisory
- RHSA-2020:3265 - Security Advisory
- RHSA-2020:3271 - Security Advisory
- RHSA-2020:3273 - Security Advisory
- RHSA-2020:3274 - Security Advisory
- RHSA-2020:3275 - Security Advisory
- RHSA-2020:3276 - Security Advisory
- CVE-2020-10713
- CVE-2020-14308
- CVE-2020-14309
- CVE-2020-14311
- CVE-2020-14310
- CVE-2020-15705
- CVE-2020-15706
- CVE-2020-15707
- SUSE addresses BootHole security exposure
- suse-su-202014440-1
- suse-su-20202073-1
- suse-su-20202073-1
- suse-su-20202074-1
- suse-su-20202076-1
- suse-su-20202077-1
- suse-su-20202078-1
- suse-su-20202079-1
- Security Vulnerability: "Boothole" grub2 UEFI secure boot lockdown bypass
- CVE-2020-10713
- CVE-2020-14308
- CVE-2020-14309
- CVE-2020-14311
- CVE-2020-14310
- CVE-2020-15705
- CVE-2020-15706
- CVE-2020-15707
- USN-4432-1: GRUB 2 vulnerabilities
- USN-4432-2: GRUB2 regression
- GRUB2 UEFI Secure Boot Bypass (aka There’s a Hole in the Boot/BootHole) (CVE-2020-10713)
- Mitigating BootHole – ‘There’s a hole in the boot’ – CVE-2020-10713 and related vulnerabilities
- CVE-2020-10713
- CVE-2020-14308
- CVE-2020-14309
- CVE-2020-14311
- CVE-2020-14310
- CVE-2020-15705
- CVE-2020-15706
- CVE-2020-15707
- VMware response to GRUB2 security vulnerability CVE-2020-10713 (80181)
- Photon OS 1.0 - PHSA-2020-1.0-0311
- Photon OS 2.0 - PHSA-2020-2.0-0267
- Photon OS 3.0 - PHSA-2020-3.0-0120
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
Shameless self-plug, but https://github.com/noahbliss/mortar mitigates the boothole vulnerability and forms a framework for unified boot security through coordination of LUKS, secureboot, TPM modules, and UEFI. Comments, criticism, PRs, and other input welcome!