Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu: 4992-1 Critical: GRUB 2 Bootloader Security Flaws

ubuntu
Calendar Grey June 18, 2021
Dist Ubuntu Esm H88
Several GRUB 2 flaws addressed in Ubuntu; urgent updates necessary to mitigate secure boot vulnerabilities.
Several security issues were fixed in GRUB 2.

Summary

Several security issues were fixed in GRUB 2.

Software Description:

- grub2-signed: GRand Unified Bootloader

- grub2-unsigned: GRand Unified Bootloader

Details:

Máté Kukri discovered that the acpi command in GRUB 2 allowed privileged

users to load crafted ACPI tables when secure boot is enabled. An attacker

could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-14372)

Chris Coulson discovered that the rmmod command in GRUB 2 contained a use-after-free vulnerability. A local attacker could use this to execute

arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-25632)

Chris Coulson discovered that a buffer overflow existed in the command line

parser in GRUB 2. A local attacker could use this to execute arbitrary code

and bypass UEFI Secure Boot restrictions. (CVE-2020-27749)

It was discovered that the cutmem command in GRUB 2 did not honor secure

boot locking. A local attacker could use this to execute arbitrary code and

bypass ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  grub-efi-amd64-bin              2.04-1ubuntu44.2
  grub-efi-amd64-signed           1.167.2+2.04-1ubuntu44.2
  grub-efi-arm64-bin              2.04-1ubuntu44.2
  grub-efi-arm64-signed           1.167.2+2.04-1ubuntu44.2

Ubuntu 20.04 LTS:
  grub-efi-amd64-bin              2.04-1ubuntu44.2
  grub-efi-amd64-signed           1.167.2+2.04-1ubuntu44.2
  grub-efi-arm64-bin              2.04-1ubuntu44.2
  grub-efi-arm64-signed           1.167.2+2.04-1ubuntu44.2

Ubuntu 18.04 LTS:
  grub-efi-amd64-bin              2.04-1ubuntu44.1.2
  grub-efi-amd64-signed           1.167~18.04.5+2.04-1ubuntu44.1.2
  grub-efi-arm64-bin              2.04-1ubuntu44.1.2
  grub-efi-arm64-signed           1.167~18.04.5+2.04-1ubuntu44.1.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4992-1

CVE-2020-14372, CVE-2020-25632, CVE-2020-27749,

CVE-2020-27779, CVE-2021-20225, CVE-2021-20233,

Severity
critical
Lowest
Low
Medium
High
Critical

June 18, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here