Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-27779

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published

2021-03-03T17:15:11.847

Last Modified

2024-11-21T05:21:49.190

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-285
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	grub2	< 2.06	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux_server_aus	7.2	Yes
Operating System	redhat	enterprise_linux_server_aus	7.3	Yes
Operating System	redhat	enterprise_linux_server_aus	7.4	Yes
Operating System	redhat	enterprise_linux_server_aus	7.6	Yes
Operating System	redhat	enterprise_linux_server_aus	7.7	Yes
Operating System	redhat	enterprise_linux_server_aus	8.2	Yes
Operating System	redhat	enterprise_linux_server_eus	7.6	Yes
Operating System	redhat	enterprise_linux_server_eus	7.7	Yes
Operating System	redhat	enterprise_linux_server_eus	8.1	Yes
Operating System	redhat	enterprise_linux_server_tus	7.4	Yes
Operating System	redhat	enterprise_linux_server_tus	7.6	Yes
Operating System	redhat	enterprise_linux_server_tus	7.7	Yes
Operating System	redhat	enterprise_linux_server_tus	8.2	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Operating System	fedoraproject	fedora	33	Yes
Operating System	fedoraproject	fedora	34	Yes
Application	netapp	ontap_select_deploy_administration_utility	-	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=1900698 Issue Tracking, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/ ([email protected])
https://security.gentoo.org/glsa/202104-05 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20220325-0001/ Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1900698 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202104-05 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220325-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)