{"id":"USN-4992-1","summary":"grub2-signed, grub2-unsigned vulnerabilities","details":"Máté Kukri discovered that the acpi command in GRUB 2 allowed privileged\nusers to load crafted ACPI tables when secure boot is enabled. An attacker\ncould use this to bypass UEFI Secure Boot restrictions. (CVE-2020-14372)\n\nChris Coulson discovered that the rmmod command in GRUB 2 contained a use-\nafter-free vulnerability. A local attacker could use this to execute\narbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-25632)\n\nChris Coulson discovered that a buffer overflow existed in the command line\nparser in GRUB 2. A local attacker could use this to execute arbitrary code\nand bypass UEFI Secure Boot restrictions. (CVE-2020-27749)\n\nIt was discovered that the cutmem command in GRUB 2 did not honor secure\nboot locking. A local attacker could use this to execute arbitrary code and\nbypass UEFI Secure Boot restrictions. (CVE-2020-27779)\n\nIt was discovered that the option parser in GRUB 2 contained a heap\noverflow vulnerability. A local attacker could use this to execute\narbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2021-20225)\n\nIt was discovered that the menu rendering implementation in GRUB 2 did not\nproperly calculate the amount of memory needed in some situations, leading\nto out-of-bounds writes. A local attacker could use this to execute\narbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2021-20233)\n","modified":"2026-04-27T15:54:21.743986Z","published":"2021-06-18T03:57:46Z","related":["UBUNTU-CVE-2020-14372","UBUNTU-CVE-2020-25632","UBUNTU-CVE-2020-27749","UBUNTU-CVE-2020-27779","UBUNTU-CVE-2021-20225","UBUNTU-CVE-2021-20233"],"upstream":["CVE-2020-14372","CVE-2020-25632","CVE-2020-27749","CVE-2020-27779","CVE-2021-20225","CVE-2021-20233","UBUNTU-CVE-2020-14372","UBUNTU-CVE-2020-25632","UBUNTU-CVE-2020-27749","UBUNTU-CVE-2020-27779","UBUNTU-CVE-2021-20225","UBUNTU-CVE-2021-20233"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4992-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-14372"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25632"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-27749"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-27779"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-20225"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-20233"}],"affected":[{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.167~18.04.5?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.167~18.04.5"}]}],"versions":["1.85","1.86","1.87","1.89","1.91","1.92","1.93","1.93.1","1.93.2","1.93.3","1.93.4","1.93.5","1.93.7","1.93.8","1.93.10","1.93.11","1.93.13","1.93.14","1.93.15","1.93.16","1.93.18","1.93.19","1.93.20","1.93.21","1.93.22","1.93.24","1.167~18.04.1","1.167~18.04.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"grub-efi-amd64-signed","binary_version":"1.167~18.04.5+2.04-1ubuntu44.1.2"},{"binary_name":"grub-efi-arm64-signed","binary_version":"1.167~18.04.5+2.04-1ubuntu44.1.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4992-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-14372"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25632"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-27749"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-27779"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-20225"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-20233"}],"ecosystem":"Ubuntu:18.04:LTS"}}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/grub2-unsigned@2.04-1ubuntu44.1.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.04-1ubuntu44.1.2"}]}],"versions":["2.04-1ubuntu44","2.04-1ubuntu44.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"grub-efi-amd64","binary_version":"2.04-1ubuntu44.1.2"},{"binary_name":"grub-efi-amd64-bin","binary_version":"2.04-1ubuntu44.1.2"},{"binary_name":"grub-efi-arm64","binary_version":"2.04-1ubuntu44.1.2"},{"binary_name":"grub-efi-arm64-bin","binary_version":"2.04-1ubuntu44.1.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4992-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-14372"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25632"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-27749"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-27779"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-20225"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-20233"}],"ecosystem":"Ubuntu:18.04:LTS"}}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.167.2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.167.2"}]}],"versions":["1.128","1.129","1.130","1.131","1.133","1.134","1.135","1.136","1.137","1.138","1.139","1.140","1.141","1.142","1.142.1","1.142.3","1.142.4","1.142.5","1.142.6","1.142.8","1.142.9","1.142.10","1.142.11","1.167"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"grub-efi-amd64-signed","binary_version":"1.167.2+2.04-1ubuntu44.2"},{"binary_name":"grub-efi-arm64-signed","binary_version":"1.167.2+2.04-1ubuntu44.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4992-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-14372"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25632"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-27749"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-27779"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-20225"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-20233"}],"ecosystem":"Ubuntu:20.04:LTS"}}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/grub2-unsigned@2.04-1ubuntu44.2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.04-1ubuntu44.2"}]}],"versions":["2.04-1ubuntu44"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"grub-efi-amd64","binary_version":"2.04-1ubuntu44.2"},{"binary_name":"grub-efi-amd64-bin","binary_version":"2.04-1ubuntu44.2"},{"binary_name":"grub-efi-arm64","binary_version":"2.04-1ubuntu44.2"},{"binary_name":"grub-efi-arm64-bin","binary_version":"2.04-1ubuntu44.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4992-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-14372"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25632"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-27749"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-27779"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-20225"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-20233"}],"ecosystem":"Ubuntu:20.04:LTS"}}}],"schema_version":"1.7.5"}