CVE-2020-15705
6.4
MEDIUM
CVSS 3.1
EPSS 0.02%
描述
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
如何修補 CVE-2020-15705
要修補 CVE-2020-15705,請將受影響套件升級到下列已修補版本。
- —升級至 2.06-r0 或更新版本
CVE-2020-15705 正在被利用嗎?
低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 2.06-r0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |