Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2021-1741)

Vulnerability Search		Search 219043 CVE descriptions and 99761 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.2.2021.1741

Category: Huawei EulerOS Local Security Checks

Title: Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2021-1741)

Summary: The remote host is missing an update for the Huawei EulerOS 'grub2' package(s) announced via the EulerOS-SA-2021-1741 advisory.

Description: Summary:
The remote host is missing an update for the Huawei EulerOS 'grub2' package(s) announced via the EulerOS-SA-2021-1741 advisory.

Vulnerability Insight:
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27779)

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.(CVE-2020-14372)

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632)

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225)

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233)

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'grub2' package(s) on Huawei EulerOS Virtualization release 2.9.0.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-14372
Common Vulnerability Exposure (CVE) ID: CVE-2020-17779
Common Vulnerability Exposure (CVE) ID: CVE-2020-25632
Common Vulnerability Exposure (CVE) ID: CVE-2020-25647
Common Vulnerability Exposure (CVE) ID: CVE-2020-27749
Common Vulnerability Exposure (CVE) ID: CVE-2020-27779
Common Vulnerability Exposure (CVE) ID: CVE-2021-20225
Common Vulnerability Exposure (CVE) ID: CVE-2021-20233

Copyright Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.2.2021.1741
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2021-1741)
Summary:	The remote host is missing an update for the Huawei EulerOS 'grub2' package(s) announced via the EulerOS-SA-2021-1741 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'grub2' package(s) announced via the EulerOS-SA-2021-1741 advisory. Vulnerability Insight: A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27779) A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.(CVE-2020-14372) A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632) A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225) A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233) A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'grub2' package(s) on Huawei EulerOS Virtualization release 2.9.0. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-14372 Common Vulnerability Exposure (CVE) ID: CVE-2020-17779 Common Vulnerability Exposure (CVE) ID: CVE-2020-25632 Common Vulnerability Exposure (CVE) ID: CVE-2020-25647 Common Vulnerability Exposure (CVE) ID: CVE-2020-27749 Common Vulnerability Exposure (CVE) ID: CVE-2020-27779 Common Vulnerability Exposure (CVE) ID: CVE-2021-20225 Common Vulnerability Exposure (CVE) ID: CVE-2021-20233
Copyright	Copyright (C) 2021 Greenbone Networks GmbH