CVE-2020-14372
grub2 - security update
CVSS 3.1 base score: 7.5 (HIGH); EPSS: 1.5%
Description
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
How to fix CVE-2020-14372
To fix CVE-2020-14372, upgrade the affected packages to the patched versions listed below.
- — upgrade to 2.06-r0 or later
- — upgrade to 2.04-16 or later
- — upgrade to 2.02+dfsg1-20+deb10u4 or later
Is CVE-2020-14372 being exploited?
Low: EPSS is 1.5%, and no large-scale exploitation activity has been observed so far.
Affected packages (3)
- from 0, < 2.06-r0
- from 0, < 2.04-16
- from 0, < 2.02+dfsg1-20+deb10u4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |