DSN-2020-004: Dell response to Grub2 vulnerabilities which may allow secure boot bypass
Summary: Dell is aware of a vulnerability in Grand Unified Bootloader (GRUB), known as “There’s a Hole in the Boot”, that may allow for Secure Boot bypass.
Security Article Type
Security KB
CVE Identifier
CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707
Issue Summary
There is a Grand Unified Bootloader (GRUB) vulnerability, known as "BootHole", that may allow for Secure Boot bypass.
Details
Dell is aware of a vulnerability in Grand Unified Bootloader (GRUB), known as "BootHole", that may allow for Secure Boot bypass.
The security of our products is critical to helping ensure our customers’ data and systems are protected. See the following Dell Security Advisories for specific remediation details:
Dell Client Platforms
- CPG BIOS: DSA-2020-185
Dell Storage Products
- PowerFlex Rack: DSA-2020-216
- Data Protection Central: DSA-2020-218
- Avamar: DSA-2020-219
- Cloud Tiering Appliance: DSA-2020-228
- VxRail: DSA-2020-235
- Dell EMC SRM: DSA-2020-247
- Cyber Recovery: DSA-2020-265
- Data Protection Search: DSA-2021-004
- IDPA ACM: DSA-2021-021
Recommendations
Dell recommends that customers review their operating system provider’s advisories for further information, including appropriate identification and mitigation measures.
- Canonical https://ubuntu.com/security/notices/USN-4432-1
- Debian https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot
- Microsoft https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
- Red Hat https://access.redhat.com/security/vulnerabilities/grub2bootloader
- SUSE https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/ and https://www.suse.com/support/kb/doc/?id=000019673
See the following technical support articles, which provide additional information and context as they relate to Dell products:
- Dell Client Platforms https://www.dell.com/support/article/SLN322287
- Dell EMC PowerEdge Servers https://www.dell.com/support/kbdoc/000184338