CVE-2020-10713 - Vulnerability Details

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Gnu	Grub2
Opensuse	Leap
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus Rhev Hypervisor
Vmware	Photon Os

Configuration 1 [-]

cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:opensuse:leap:15.2:::::::*

Configuration 4 [-]

cpe:2.3:o:vmware:photon_os:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
fwupdate-0:12-6.el7_8	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3217	2020-07-29T00:00:00Z
grub2-1:2.02-0.86.el7_8	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3217	2020-07-29T00:00:00Z
shim-0:15-7.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3217	2020-07-29T00:00:00Z
shim-signed-0:15-7.el7_8	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3217	2020-07-29T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
grub2-1:2.02-0.86.el7_2	cpe:/o:redhat:rhel_aus:7.2	RHSA-2020:3273	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_aus:7.2	RHSA-2020:3273	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_2	cpe:/o:redhat:rhel_aus:7.2	RHSA-2020:3273	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
grub2-1:2.02-0.86.el7	cpe:/o:redhat:rhel_aus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_aus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_3	cpe:/o:redhat:rhel_aus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.3 Telco Extended Update Support
grub2-1:2.02-0.86.el7	cpe:/o:redhat:rhel_tus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_tus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_3	cpe:/o:redhat:rhel_tus:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
grub2-1:2.02-0.86.el7	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_3	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2020:3276	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
fwupdate-0:9-10.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_4	cpe:/o:redhat:rhel_aus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.4 Telco Extended Update Support
fwupdate-0:9-10.el7_4	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_4	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_4	cpe:/o:redhat:rhel_tus:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
fwupdate-0:9-10.el7_4	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_4	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_4	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2020:3275	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.6 Extended Update Support
fwupdate-0:12-6.el7_6	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:3271	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_6	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:3271	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:3271	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_6	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:3271	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 7.7 Extended Update Support
fwupdate-0:12-6.el7_7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:3274	2020-08-03T00:00:00Z
grub2-1:2.02-0.86.el7_7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:3274	2020-08-03T00:00:00Z
shim-0:15-8.el7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:3274	2020-08-03T00:00:00Z
shim-signed-0:15-8.el7_7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2020:3274	2020-08-03T00:00:00Z
Red Hat Enterprise Linux 8
fwupd-0:1.1.4-7.el8_2	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3216	2020-07-29T00:00:00Z
grub2-1:2.02-87.el8_2	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3216	2020-07-29T00:00:00Z
shim-0:15-14.el8_2	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3216	2020-07-29T00:00:00Z
shim-unsigned-x64-0:15-7.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3216	2020-07-29T00:00:00Z
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
fwupd-0:1.1.4-2.el8_0	cpe:/o:redhat:rhel_e4s:8.0	RHSA-2020:3227	2020-07-29T00:00:00Z
grub2-1:2.02-87.el8_0	cpe:/o:redhat:rhel_e4s:8.0	RHSA-2020:3227	2020-07-29T00:00:00Z
shim-0:15-14.el8_0	cpe:/o:redhat:rhel_e4s:8.0	RHSA-2020:3227	2020-07-29T00:00:00Z
Red Hat Enterprise Linux 8.1 Extended Update Support
fwupd-0:1.1.4-2.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2020:3223	2020-07-29T00:00:00Z
grub2-1:2.02-87.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2020:3223	2020-07-29T00:00:00Z
shim-0:15-14.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2020:3223	2020-07-29T00:00:00Z
shim-unsigned-x64-0:15-7.el8	cpe:/o:redhat:rhel_eus:8.1	RHSA-2020:3223	2020-07-29T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
redhat-virtualization-host-0:4.3.11-20200922.0.el7_9	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2020:4115	2020-09-30T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.4.2-20200930.0.el8_2	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2020:4172	2020-10-05T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html
http://www.openwall.com/lists/oss-security/2020/07/29/3
https://bugzilla.redhat.com/show_bug.cgi?id=1825243
https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
https://kb.vmware.com/s/article/80181
https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
https://nvd.nist.gov/vuln/detail/CVE-2020-10713
https://security.gentoo.org/glsa/202104-05
https://security.netapp.com/advisory/ntap-20200731-0008/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY
https://usn.ubuntu.com/4432-1/
https://www.cve.org/CVERecord?id=CVE-2020-10713
https://www.debian.org/security/2020/dsa-4735
https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
https://www.kb.cert.org/vuls/id/174059
https://www.openwall.com/lists/oss-security/2020/07/29/3

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-07-30T12:58:30

Updated: 2024-08-04T11:14:14.235Z

Reserved: 2020-03-20T00:00:00

Link: CVE-2020-10713

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-07-30T13:15:10.940

Modified: 2024-11-21T04:55:54.533

Link: CVE-2020-10713

Redhat

Severity : Moderate

Publid Date: 2020-07-29T17:00:00Z

Links: CVE-2020-10713 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Grub", "vendor": "n/a", "versions": [{"status": "affected", "version": "All grub2 versions before 2.06"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds Write leading to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-01T01:08:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-4735", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4735"}, {"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243"}, {"name": "VU#174059", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/174059"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"name": "USN-4432-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4432-1/"}, {"name": "20200804 GRUB2 Arbitrary Code Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY"}, {"name": "openSUSE-SU-2020:1169", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"name": "openSUSE-SU-2020:1168", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"tags": ["x_refsource_MISC"], "url": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"}, {"tags": ["x_refsource_MISC"], "url": "https://kb.vmware.com/s/article/80181"}, {"tags": ["x_refsource_MISC"], "url": "https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713"}, {"name": "GLSA-202104-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202104-05"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Grub", "version": {"version_data": [{"version_value": "All grub2 versions before 2.06"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-of-bounds Write leading to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]}, "references": {"reference_data": [{"name": "DSA-4735", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4735"}, {"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243"}, {"name": "VU#174059", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/174059"}, {"name": "https://security.netapp.com/advisory/ntap-20200731-0008/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"name": "USN-4432-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4432-1/"}, {"name": "20200804 GRUB2 Arbitrary Code Execution Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY"}, {"name": "openSUSE-SU-2020:1169", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"name": "openSUSE-SU-2020:1168", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"name": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/", "refsource": "MISC", "url": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"}, {"name": "https://kb.vmware.com/s/article/80181", "refsource": "MISC", "url": "https://kb.vmware.com/s/article/80181"}, {"name": "https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713", "refsource": "MISC", "url": "https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713"}, {"name": "GLSA-202104-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202104-05"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:14:14.235Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-4735", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4735"}, {"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243"}, {"name": "VU#174059", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/174059"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"name": "USN-4432-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4432-1/"}, {"name": "20200804 GRUB2 Arbitrary Code Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY"}, {"name": "openSUSE-SU-2020:1169", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"name": "openSUSE-SU-2020:1168", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://kb.vmware.com/s/article/80181"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713"}, {"name": "GLSA-202104-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202104-05"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10713", "datePublished": "2020-07-30T12:58:30", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:14:14.235Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", "matchCriteriaId": "01F8D62F-70BB-4718-A095-D68540C17EEA", "versionEndExcluding": "2.06", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vmware:photon_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "742D1040-10F3-4680-86FE-5588B69ECF98", "versionEndExcluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en grub2, versiones anteriores a 2.06. Un atacante puede usar el fallo de GRUB 2 para secuestrar y manipular el proceso de verificaci\u00f3n de GRUB. Este fallo tambi\u00e9n permite omitir las protecciones de Secure Boot. A fin de cargar un kernel no confiable o modificado, un atacante primero necesitar\u00eda establecer acceso al sistema, tal y como conseguir acceso f\u00edsico, obtener la capacidad de alterar una red pxe-boot o tener acceso remoto a un sistema de red con acceso root. Con este acceso, un atacante podr\u00eda dise\u00f1ar una cadena para causar un desbordamiento del b\u00fafer al inyectar una carga \u00fatil maliciosa que conlleve a una ejecuci\u00f3n de c\u00f3digo arbitraria dentro de GRUB. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema"}], "id": "CVE-2020-10713", "lastModified": "2024-11-21T04:55:54.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-30T13:15:10.940", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713"}, {"source": "secalert@redhat.com", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://kb.vmware.com/s/article/80181"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202104-05"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4432-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4735"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/174059"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kb.vmware.com/s/article/80181"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202104-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4432-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4735"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/174059"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Jesse Michael (Eclypsium) and Mickey Shkatov (Eclypsium) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:3217", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "fwupdate-0:12-6.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3217", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "grub2-1:2.02-0.86.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3217", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "shim-0:15-7.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3217", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "shim-signed-0:15-7.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3273", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "grub2-1:2.02-0.86.el7_2", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3273", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3273", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "shim-signed-0:15-8.el7_2", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "grub2-1:2.02-0.86.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "shim-signed-0:15-8.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "grub2-1:2.02-0.86.el7", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "shim-signed-0:15-8.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "grub2-1:2.02-0.86.el7", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3276", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "shim-signed-0:15-8.el7_3", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "fwupdate-0:9-10.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "grub2-1:2.02-0.86.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "shim-signed-0:15-8.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "fwupdate-0:9-10.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "grub2-1:2.02-0.86.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "shim-signed-0:15-8.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "fwupdate-0:9-10.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "grub2-1:2.02-0.86.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3275", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "shim-signed-0:15-8.el7_4", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3271", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "fwupdate-0:12-6.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3271", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "grub2-1:2.02-0.86.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3271", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3271", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "shim-signed-0:15-8.el7_6", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3274", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "fwupdate-0:12-6.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3274", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "grub2-1:2.02-0.86.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3274", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "shim-0:15-8.el7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3274", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "shim-signed-0:15-8.el7_7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3216", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "fwupd-0:1.1.4-7.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3216", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "grub2-1:2.02-87.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3216", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "shim-0:15-14.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3216", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "shim-unsigned-x64-0:15-7.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3227", "cpe": "cpe:/o:redhat:rhel_e4s:8.0", "package": "fwupd-0:1.1.4-2.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3227", "cpe": "cpe:/o:redhat:rhel_e4s:8.0", "package": "grub2-1:2.02-87.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3227", "cpe": "cpe:/o:redhat:rhel_e4s:8.0", "package": "shim-0:15-14.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3223", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "fwupd-0:1.1.4-2.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3223", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "grub2-1:2.02-87.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3223", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "shim-0:15-14.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3223", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "shim-unsigned-x64-0:15-7.el8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:4115", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3.11-20200922.0.el7_9", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2020-09-30T00:00:00Z"}, {"advisory": "RHSA-2020:4172", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.4.2-20200930.0.el8_2", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2020-10-05T00:00:00Z"}], "bugzilla": {"description": "grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process", "id": "1825243", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243"}, "csaw": true, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787->CWE-78", "details": ["A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "mitigation": {"lang": "en:us", "value": "There is no mitigation for the flaw."}, "name": "CVE-2020-10713", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "dbxtool", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "dbxtool", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "fwupdate", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2020-07-29T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10713\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10713\nhttps://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html\nhttps://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/\nhttps://www.openwall.com/lists/oss-security/2020/07/29/3"], "statement": "Kernel and kernel-rt packages as shipped with Red Hat Enterprise Linux 7 and 8 are being updated to contain the new Red Hat certificate for secure boot.", "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object