Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2021-1714)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.2.2021.1714

Category: Huawei EulerOS Local Security Checks

Title: Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2021-1714)

Summary: The remote host is missing an update for the Huawei EulerOS 'grub2' package(s) announced via the EulerOS-SA-2021-1714 advisory.

Description: Summary:
The remote host is missing an update for the Huawei EulerOS 'grub2' package(s) announced via the EulerOS-SA-2021-1714 advisory.

Vulnerability Insight:
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27779)

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.(CVE-2020-14372)

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632)

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225)

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233)

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'grub2' package(s) on Huawei EulerOS Virtualization release 2.9.1.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-14372
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
https://security.gentoo.org/glsa/202104-05
https://access.redhat.com/security/vulnerabilities/RHSB-2021-003
https://bugzilla.redhat.com/show_bug.cgi?id=1873150
Common Vulnerability Exposure (CVE) ID: CVE-2020-25632
https://bugzilla.redhat.com/show_bug.cgi?id=1879577
Common Vulnerability Exposure (CVE) ID: CVE-2020-25647
https://bugzilla.redhat.com/show_bug.cgi?id=1886936
Common Vulnerability Exposure (CVE) ID: CVE-2020-27749
https://bugzilla.redhat.com/show_bug.cgi?id=1899966
Common Vulnerability Exposure (CVE) ID: CVE-2020-27779
https://bugzilla.redhat.com/show_bug.cgi?id=1900698
Common Vulnerability Exposure (CVE) ID: CVE-2021-20225
https://bugzilla.redhat.com/show_bug.cgi?id=1924696
Common Vulnerability Exposure (CVE) ID: CVE-2021-20233
https://bugzilla.redhat.com/show_bug.cgi?id=1926263

Copyright Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.2.2021.1714
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2021-1714)
Summary:	The remote host is missing an update for the Huawei EulerOS 'grub2' package(s) announced via the EulerOS-SA-2021-1714 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'grub2' package(s) announced via the EulerOS-SA-2021-1714 advisory. Vulnerability Insight: A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27779) A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.(CVE-2020-14372) A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632) A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225) A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233) A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'grub2' package(s) on Huawei EulerOS Virtualization release 2.9.1. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-14372 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/ https://security.gentoo.org/glsa/202104-05 https://access.redhat.com/security/vulnerabilities/RHSB-2021-003 https://bugzilla.redhat.com/show_bug.cgi?id=1873150 Common Vulnerability Exposure (CVE) ID: CVE-2020-25632 https://bugzilla.redhat.com/show_bug.cgi?id=1879577 Common Vulnerability Exposure (CVE) ID: CVE-2020-25647 https://bugzilla.redhat.com/show_bug.cgi?id=1886936 Common Vulnerability Exposure (CVE) ID: CVE-2020-27749 https://bugzilla.redhat.com/show_bug.cgi?id=1899966 Common Vulnerability Exposure (CVE) ID: CVE-2020-27779 https://bugzilla.redhat.com/show_bug.cgi?id=1900698 Common Vulnerability Exposure (CVE) ID: CVE-2021-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1924696 Common Vulnerability Exposure (CVE) ID: CVE-2021-20233 https://bugzilla.redhat.com/show_bug.cgi?id=1926263
Copyright	Copyright (C) 2021 Greenbone AG