1. Ubuntu Security Notices
  2. USN-4992-1

USN-4992-1: GRUB 2 vulnerabilities

Publication date

18 June 2021

Overview

Several security issues were fixed in GRUB 2.

Releases

Packages

Details

Máté Kukri discovered that the acpi command in GRUB 2 allowed privileged
users to load crafted ACPI tables when secure boot is enabled. An attacker
could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-14372)

Chris Coulson discovered that the rmmod command in GRUB 2 contained a use-
after-free vulnerability. A local attacker could use this to execute
arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-25632)

Chris Coulson discovered that a buffer overflow existed in the command line
parser in GRUB 2. A local attacker could use this to execute arbitrary code
and bypass UEFI Secure Boot restrictions. (CVE-2020-27749)

It was discovered that the cutmem command in GRUB 2 did not honor secure
boot locking. A local attacker could use this to execute arbitrary code and
bypass UEFI Secure Boot...

Máté Kukri discovered that the acpi command in GRUB 2 allowed privileged
users to load crafted ACPI tables when secure boot is enabled. An attacker
could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-14372)

Chris Coulson discovered that the rmmod command in GRUB 2 contained a use-
after-free vulnerability. A local attacker could use this to execute
arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-25632)

Chris Coulson discovered that a buffer overflow existed in the command line
parser in GRUB 2. A local attacker could use this to execute arbitrary code
and bypass UEFI Secure Boot restrictions. (CVE-2020-27749)

It was discovered that the cutmem command in GRUB 2 did not honor secure
boot locking. A local attacker could use this to execute arbitrary code and
bypass UEFI Secure Boot restrictions. (CVE-2020-27779)

It was discovered that the option parser in GRUB 2 contained a heap
overflow vulnerability. A local attacker could use this to execute
arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2021-20225)

It was discovered that the menu rendering implementation in GRUB 2 did not
properly calculate the amount of memory needed in some situations, leading
to out-of-bounds writes. A local attacker could use this to execute
arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2021-20233)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
20.10 groovy grub-efi-amd64-bin –  2.04-1ubuntu44.2
grub-efi-amd64-signed –  1.167.2+2.04-1ubuntu44.2
grub-efi-arm64-bin –  2.04-1ubuntu44.2
grub-efi-arm64-signed –  1.167.2+2.04-1ubuntu44.2
20.04 focal grub-efi-amd64-bin –  2.04-1ubuntu44.2
grub-efi-amd64-signed –  1.167.2+2.04-1ubuntu44.2
grub-efi-arm64-bin –  2.04-1ubuntu44.2
grub-efi-arm64-signed –  1.167.2+2.04-1ubuntu44.2
18.04 bionic grub-efi-amd64-bin –  2.04-1ubuntu44.1.2
grub-efi-amd64-signed –  1.167~18.04.5+2.04-1ubuntu44.1.2
grub-efi-arm64-bin –  2.04-1ubuntu44.1.2
grub-efi-arm64-signed –  1.167~18.04.5+2.04-1ubuntu44.1.2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›