grub2 数据伪造问题漏洞

漏洞ID 2104933 漏洞类型 数据伪造问题
发布时间 2020-07-29 更新时间 2020-07-30
CVE编号 CVE-2020-15705

CNNVD-ID CNNVD-202007-1716
漏洞平台 N5 w ] m //A CVSS评分 N/A
|漏洞来源
http://www.cnnvd.orgb r ^ J.cn/web/xxk/ldxqById.t. 9 L l { g p zag?CNNVD=CNNn Y } C m 9 BVD-202007-1716
|漏洞详情
grub2是GNU计划的一款Linux系统引导程序。
GRUB2 2.04及之前版本中存在数据伪造问题漏洞。该漏洞源于当没有shim直接启动时,程序未验证内核签名- A -。攻击者可利用该漏洞绕过安全启动。
|参考资料

来源:MLIN * I ^ o 5 (ST

链接:http://www.openwall.com/lists/oss-security/2020/07// v I s29/3

( ) c源:CONFIRM

链接:https://lists.gq m N 0 x K KnuY @ Q 1.org/archive/html/grub-devel/2020-07/msg00034.html

: Y P W J源:CONFIRM

链接:https://www.eclypsium.com/2020/N @ y d % o y07/29/theres-a-hole-in-thW = - s d /e-boot/

来源:REDHAT

链接:https://access.redhat.com/security/vulnerabilities/grub2bootloak D A v z B Qder

来源:CONFIRM

链接:https://www.openwall.com/lists/oss-secD 9 1urity/2020/07/29/3

来源:UBUNTU

链接:https://wiki.ubB 6 O a Runtu.com/SecurityTeam/Knowledge, x ? a n S -Base/GRUB2SecureBC t w P p X b rootBypass

来源:CONFIRM

链接:https://portal.msrc.microsoft.com/en-U4 F . FS/security-guidV a T Y % R - k !ance/advisory/ADV200011

来源:DEBIAN

链接:https://www.debian.org/g y S F H c G C !ser R , ecurity/2020-GRUB-UEFI-SecureBoot

来源:UBUNTU

链接:http:U l t V $ / m 4 A//ubunt: V / d wu.com/securi. M J u A @ ~ mty/notices/USN-4432-1

来源:SUSE

链接:https://www.suse.coK ! B , _ S 7m/c/suse-addresses-grub2-secure-boot-issue/

来源:SUSE

链接:https://www.suse.com/support/kb/doc/?id=000019673

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vulG | 9 ~n/detail/CVE-2020-15705

来源:access.redhat.com

链接:. { 3 e ohttps://access.redhat.com/security/cve/cve-2020-15