Launchpad CVE tracker

CVE 2020-15706

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

Related bugs and status

CVE-2020-15706 (Candidate) is related to these bugs:

Bug #1401532: GRUB's Secure Boot implementation loads unsigned kernel without warning

		In	Importance	Status
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu Xenial)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu Xenial)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu Trusty)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu Trusty)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2 (Ubuntu Bionic)	High	Fix Released
1401532	GRUB's Secure Boot implementation loads unsigned kernel without warning	grub2-signed (Ubuntu Bionic)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-15706

References