Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 20.04 LTS: USN-4432-1 Critical: GRUB 2 Buffer Overflow Threat

ubuntu
Calendar Grey July 29, 2020
Dist Ubuntu Esm H88
Enhancements to GRUB 2 in Ubuntu address various critical vulnerabilities, providing comprehensive instructions on implementation.
Several security issues were fixed in GRUB 2.

Summary

Several security issues were fixed in GRUB 2.

Software Description:

- grub2: GRand Unified Bootloader

- grub2-signed: GRand Unified Bootloader

Details:

Jesse Michael and Mickey Shkatov discovered that the configuration parser

in GRUB2 did not properly exit when errors were discovered, resulting in

heap-based buffer overflows. A local attacker could use this to execute

arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713)

Chris Coulson discovered that the GRUB2 function handling code did not

properly handle a function being redefined, leading to a use-after-free

vulnerability. A local attacker could use this to execute arbitrary code

and bypass UEFI Secure Boot restrictions. (CVE-2020-15706)

Chris Coulson discovered that multiple integer overflows existed in GRUB2

when handling certain filesystems or font files, leading to heap-based

buffer overflows. A local attacker could use these to execute arbitrary

code and bypass UEFI Secure Boot...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  grub-efi-amd64-bin              2.04-1ubuntu26.1
  grub-efi-amd64-signed           1.142.3+2.04-1ubuntu26.1
  grub-efi-arm-bin                2.04-1ubuntu26.1
  grub-efi-arm64-bin              2.04-1ubuntu26.1
  grub-efi-arm64-signed           1.142.3+2.04-1ubuntu26.1
  grub-efi-ia32-bin               2.04-1ubuntu26.1

Ubuntu 18.04 LTS:
  grub-efi-amd64-bin              2.02-2ubuntu8.16
  grub-efi-amd64-signed           1.93.18+2.02-2ubuntu8.16
  grub-efi-arm-bin                2.02-2ubuntu8.16
  grub-efi-arm64-bin              2.02-2ubuntu8.16
  grub-efi-arm64-signed           1.93.18+2.02-2ubuntu8.16
  grub-efi-ia32-bin               2.02-2ubuntu8.16
  grub-efi-ia64-bin               2.02-2ubuntu8.16

Ubuntu 16.04 LTS:
  grub-efi-amd64-bin              2.02~beta2-36ubuntu3.26
  grub-efi-amd64-signed           1.66.26+2.02~beta2-36ubuntu3.26
  grub-efi-arm-bin                2.02~beta2-36ubuntu3.26
  grub-efi-arm64-bin              2.02~beta2-36ubuntu3.26
  grub-efi-arm64-signed           1.66.26+2.02~beta2-36ubuntu3.26
  grub-efi-ia32-bin               2.02~beta2-36ubuntu3.26
  grub-efi-ia64-bin               2.02~beta2-36ubuntu3.26

Ubuntu 14.04 ESM:
  grub-efi-amd64-bin              2.02~beta2-9ubuntu1.20
  grub-efi-amd64-signed           1.34.22+2.02~beta2-9ubuntu1.20
  grub-efi-arm-bin                2.02~beta2-9ubuntu1.20
  grub-efi-arm64-bin              2.02~beta2-9ubuntu1.20
  grub-efi-ia32-bin               2.02~beta2-9ubuntu1.20
  grub-efi-ia64-bin               2.02~beta2-9ubuntu1.20

Fully mitigating these vulnerabilities requires both an updated
GRUB2 boot loader and the application of a UEFI Revocation
List (dbx) to system firmware. Ubuntu will provide a packaged
dbx update at a later time, though system adminstrators may
choose to apply a third party dbx update before then. For more
details on mitigation steps and the risks entailed (especially for
dual/multi-boot scenarios), please see the Knowledge Base article at
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass

References

https://ubuntu.com/security/notices/USN-4432-1

CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310,

CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707,

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass

Severity
critical
Lowest
Low
Medium
High
Critical

July 29, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here