Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

SUSE: 2021:14659-1 Important Grub2 Buffer Overflow Critical Fix

suse
Calendar Grey March 2, 2021
Dist Suse Esm H88
Crucial SUSE patch for grub2 resolves 8 vulnerabilities, tackling significant security threats in the secure boot setup.
An update that fixes 8 vulnerabilities is now available

Summary

This update for grub2 fixes the following issues: grub2 now implements the new "SBAT" method for SHIM based secure boot revocation. (bsc#1182057) grub2 was updated to the 2.02 version (same as SUSE Linux Enterprise 12 SP3). Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)

References

#1175970 #1176711 #1177883 #1179264 #1179265

#1182057 #1182262 #1182263

Cross- CVE-2017-9763 CVE-2020-14372 CVE-2020-25632

CVE-2020-25647 CVE-2020-27749 CVE-2020-27779

CVE-2021-20225 CVE-2021-20233

CVSS scores:

CVE-2017-9763 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2017-9763 (SUSE): 4.1 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2020-14372 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2020-25632 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2020-25647 (SUSE): 7.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2020-27749 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2020-27779 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:14659-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.