
Multiple Vulnerabilities in GRUB2 Could Allow for Complete System Compromise

MS-ISAC ADVISORY NUMBER:

2020-102

DATE(S) ISSUED:

07/30/2020

OVERVIEW:

Multiple vulnerabilities have been discovered in GRUB2, the most severe of which could allow for complete system compromise. GRUB2 is a popular Linux bootloader that works with UEFI secure boot. A bootloader is a piece of software that is designed to load and hand over control to the operating system when the system is first turned on. UEFI secure boot is a verification method added to the boot process that verifies binaries loaded during boot against a list of known trusted binary files. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution and lead to complete compromise of the local system.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM
Home Users: LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in GRUB2, the most severe of which could allow for complete compromise of the local system. Details of these vulnerabilities are as follows:

  • A vulnerability exists when parsing grub.cfg that could allow loading of arbitrary code. (CVE-2020-10713)
  • A heap-based buffer overflow vulnerability exists that can impact the integrity, confidentiality, and availability of the local machine. (CVE-2020-14308)
  • Multiple integer buffer overflow vulnerabilities exist. (CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15707)
  • A use-after-free vulnerability exists that could allow for arbitrary code execution. (CVE-2020-15706)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution and lead to complete compromise of the local system.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches to vulnerable systems immediately after appropriate testing.
  • Enforce password complexity, using NIST Special Publication 800-63B, Appendix A as a reference.
  • Enforce physical security to prevent unauthorized access to the local machine.
  • The MS-ISAC has been informed that multiple distributions of Linux have experienced problems after patching GRUB2. We strongly recommend testing any patches before applying them to live systems and making backups before going live with any changes.
