Vulnerability details: VCID-j88u-fh2b-aaah
Vulnerability ID VCID-j88u-fh2b-aaah
Aliases CVE-2020-14372
Summary A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code that overwrites the Linux kernel lockdown variable directly in memory. The table is then loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14372.html
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0696
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0697
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0698
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0699
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0700
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0701
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0702
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0703
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0704
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1734
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2566
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2790
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3675
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2020-14372
epss 0.01115 https://api.first.org/data/v1/epss?cve=CVE-2020-14372
epss 0.01118 https://api.first.org/data/v1/epss?cve=CVE-2020-14372
epss 0.0121 https://api.first.org/data/v1/epss?cve=CVE-2020-14372
epss 0.01336 https://api.first.org/data/v1/epss?cve=CVE-2020-14372
epss 0.03725 https://api.first.org/data/v1/epss?cve=CVE-2020-14372
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1873150
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.2 https://nvd.nist.gov/vuln/detail/CVE-2020-14372
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14372
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14372
archlinux Medium https://security.archlinux.org/AVG-1629
generic_textual Medium https://ubuntu.com/security/notices/USN-4992-1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14372.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json
https://access.redhat.com/security/vulnerabilities/RHSB-2021-003
https://api.first.org/data/v1/epss?cve=CVE-2020-14372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
https://security.gentoo.org/glsa/202104-05
https://security.netapp.com/advisory/ntap-20210416-0004/
https://ubuntu.com/security/notices/USN-4992-1
1873150 https://bugzilla.redhat.com/show_bug.cgi?id=1873150
ASA-202106-43 https://security.archlinux.org/ASA-202106-43
AVG-1629 https://security.archlinux.org/AVG-1629
cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2020-14372 https://nvd.nist.gov/vuln/detail/CVE-2020-14372
RHSA-2021:0696 https://access.redhat.com/errata/RHSA-2021:0696
RHSA-2021:0697 https://access.redhat.com/errata/RHSA-2021:0697
RHSA-2021:0698 https://access.redhat.com/errata/RHSA-2021:0698
RHSA-2021:0699 https://access.redhat.com/errata/RHSA-2021:0699
RHSA-2021:0700 https://access.redhat.com/errata/RHSA-2021:0700
RHSA-2021:0701 https://access.redhat.com/errata/RHSA-2021:0701
RHSA-2021:0702 https://access.redhat.com/errata/RHSA-2021:0702
RHSA-2021:0703 https://access.redhat.com/errata/RHSA-2021:0703
RHSA-2021:0704 https://access.redhat.com/errata/RHSA-2021:0704
RHSA-2021:1734 https://access.redhat.com/errata/RHSA-2021:1734
RHSA-2021:2566 https://access.redhat.com/errata/RHSA-2021:2566
RHSA-2021:2790 https://access.redhat.com/errata/RHSA-2021:2790
RHSA-2021:3675 https://access.redhat.com/errata/RHSA-2021:3675
USN-4992-1 https://usn.ubuntu.com/4992-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14372
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14372
Exploit Prediction Scoring System (EPSS)
Percentile 0.15160
EPSS Score 0.00045
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.