A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.

CVSS v3.1 vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

| Metric | Value |
|---|---|
| Attack Vector | LOCAL |
| Attack Complexity | HIGH |
| Privileges Required | HIGH |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

CVSS v2 vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

| Metric | Value |
|---|---|
| Access Vector | LOCAL |
| Access Complexity | HIGH |
| Authentication | NONE |
| Confidentiality Impact | COMPLETE |
| Integrity Impact | COMPLETE |
| Availability Impact | COMPLETE |

| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary | CWE-184 |

| Vendor | Product | Version | Type |
|---|---|---|---|
| gnu | grub2 | * | Application |
| redhat | enterprise_linux | 7.0 | Operating System |
| redhat | enterprise_linux | 8.0 | Operating System |
| redhat | enterprise_linux_server_aus | 7.2 | Operating System |
| redhat | enterprise_linux_server_aus | 7.3 | Operating System |
| redhat | enterprise_linux_server_aus | 7.4 | Operating System |
| redhat | enterprise_linux_server_aus | 7.6 | Operating System |
| redhat | enterprise_linux_server_aus | 7.7 | Operating System |
| redhat | enterprise_linux_server_aus | 8.2 | Operating System |
| redhat | enterprise_linux_server_eus | 7.6 | Operating System |
| redhat | enterprise_linux_server_eus | 7.7 | Operating System |
| redhat | enterprise_linux_server_eus | 8.1 | Operating System |
| redhat | enterprise_linux_server_tus | 7.4 | Operating System |
| redhat | enterprise_linux_server_tus | 7.6 | Operating System |
| redhat | enterprise_linux_server_tus | 7.7 | Operating System |
| redhat | enterprise_linux_server_tus | 8.2 | Operating System |
| redhat | enterprise_linux_workstation | 7.0 | Operating System |
| fedoraproject | fedora | 33 | Operating System |
| fedoraproject | fedora | 34 | Operating System |
| netapp | cloud_backup | - | Application |
| netapp | ontap_select_deploy_administration_utility | - | Application |

| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_eus:8.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |