1. Home
  2. CVE Database
  3. CVE-2020-27779
HIGH · 7.5

CVE-2020-27779

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity ...

Vulnerability Description

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
GnuGrub2< 2.06
RedhatEnterprise Linux7.0
RedhatEnterprise Linux Server Aus7.2
RedhatEnterprise Linux Server Eus7.6
RedhatEnterprise Linux Server Tus7.4
RedhatEnterprise Linux Workstation7.0
FedoraprojectFedora33
NetappOntap Select Deploy Administration Utility-

Related Weaknesses (CWE)

CWE-285

References

FAQ

What is CVE-2020-27779?

CVE-2020-27779 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity ...

How severe is CVE-2020-27779?

CVE-2020-27779 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-27779?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Grub2, Redhat Enterprise Linux, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus, Redhat Enterprise Linux Server Tus.