DSN-2020-004: Dell response to Grub2 vulnerabilities which may allow secure boot bypass
Résumé: Dell is aware of a vulnerability in Grand Unified Bootloader (GRUB), named "There is a Hole in the Boot," that may allow for Secure Boot bypass.
Type d’article de sécurité
Security KB
Identifiant CVE
CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707
Résumé des problèmes
There is a Grand Unified Bootloader (GRUB (External Link)) vulnerability, known as "BootHole (External Link)," that may allow for Secure Boot bypass.
Détails
Dell is aware of a vulnerability in Grand Unified Bootloader (GRUB (External Link)), known as "BootHole (External Link)," that may allow for Secure Boot bypass.
The security of our products is critical to helping ensure our customers' data and systems are protected. See the following Dell Security Advisories for specific remediation details:
Dell Client Platforms
- CPG BIOS: DSA-2020-185
Dell Storage Products
- PowerFlex Rack: DSA-2020-216
- Data Protection Central: DSA-2020-218
- Avamar: DSA-2020-219
- Cloud Tiering Appliance: DSA-2020-228
- VxRail: DSA-2020-235
- Dell SRM: DSA-2020-247
- Cyber Recovery: DSA-2020-265
- DPSearch: DSA-2021-004
- IDPA ACM: DSA-2021-021
Recommandations
Dell Technologies recommends that customers review their Operating System provider’s advisories for more information, including appropriate identification and mitigation measures.
- Canonical https://ubuntu.com/security/notices/USN-4432-1 (External Link)
- Debian https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot (External Link)
- Microsoft Guidance for Addressing Security Feature Bypass in GRUB (External Link)
- Red Hat https://access.redhat.com/security/vulnerabilities/grub2bootloader (External Link)
- SUSE https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/ and https://www.suse.com/support/kb/doc/?id=000019673 (External Link)
See the following technical support articles which provide additional information and context as it relates to Dell products:
- Dell Client Platforms Additional Information Regarding the "BootHole" (GRUB) Vulnerability
- Dell PowerEdge Servers Additional Information Regarding the March 2021 (GRUB) Vulnerability Disclosure