CVE-2020-15705

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

• CWE-347
• CWE-347

• http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.htmlMailing List, Third Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.htmlMailing List, Third Party Advisory
• http://ubuntu.com/security/notices/USN-4432-1Third Party Advisory
• http://www.openwall.com/lists/oss-security/2020/07/29/3Mailing List, Third Party Advisory
• http://www.openwall.com/lists/oss-security/2021/03/02/3Mailing List, Third Party Advisory
• http://www.openwall.com/lists/oss-security/2021/09/17/2Mailing List, Third Party Advisory
• http://www.openwall.com/lists/oss-security/2021/09/17/4Mailing List, Third Party Advisory
• http://www.openwall.com/lists/oss-security/2021/09/21/1Mailing List, Third Party Advisory
• https://access.redhat.com/security/vulnerabilities/grub2bootloaderThird Party Advisory
• https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.htmlIssue Tracking, Vendor Advisory
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011Patch, Third Party Advisory, Vendor Advisory
• https://security.gentoo.org/glsa/202104-05Third Party Advisory
• https://security.netapp.com/advisory/ntap-20200731-0008/Third Party Advisory
• https://usn.ubuntu.com/4432-1/Third Party Advisory
• https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypassThird Party Advisory
• https://www.debian.org/security/2020-GRUB-UEFI-SecureBootThird Party Advisory
• https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/Third Party Advisory
• https://www.openwall.com/lists/oss-security/2020/07/29/3Mailing List, Third Party Advisory
• https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/Third Party Advisory
• https://www.suse.com/support/kb/doc/?id=000019673Third Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.htmlMailing List, Third Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.htmlMailing List, Third Party Advisory
• http://ubuntu.com/security/notices/USN-4432-1Third Party Advisory
• http://www.openwall.com/lists/oss-security/2020/07/29/3Mailing List, Third Party Advisory
• http://www.openwall.com/lists/oss-security/2021/03/02/3Mailing List, Third Party Advisory
• http://www.openwall.com/lists/oss-security/2021/09/17/2Mailing List, Third Party Advisory
• http://www.openwall.com/lists/oss-security/2021/09/17/4Mailing List, Third Party Advisory
• http://www.openwall.com/lists/oss-security/2021/09/21/1Mailing List, Third Party Advisory
• https://access.redhat.com/security/vulnerabilities/grub2bootloaderThird Party Advisory
• https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.htmlIssue Tracking, Vendor Advisory
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011Patch, Third Party Advisory, Vendor Advisory
• https://security.gentoo.org/glsa/202104-05Third Party Advisory
• https://security.netapp.com/advisory/ntap-20200731-0008/Third Party Advisory
• https://usn.ubuntu.com/4432-1/Third Party Advisory
• https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypassThird Party Advisory
• https://www.debian.org/security/2020-GRUB-UEFI-SecureBootThird Party Advisory
• https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/Third Party Advisory
• https://www.openwall.com/lists/oss-security/2020/07/29/3Mailing List, Third Party Advisory
• https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/Third Party Advisory
• https://www.suse.com/support/kb/doc/?id=000019673Third Party Advisory

Published

Jul 29, 2020

Last Modified

Jun 17, 2026

Status

Modified