DSN-2020-004: Dell response to Grub2 vulnerabilities which may allow secure boot bypass
摘要: Dell is aware of a vulnerability in Grand Unified Bootloader (GRUB), named "There is a Hole in the Boot," that may allow for Secure Boot bypass.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
安全性文章类型
Security KB
CVE 标识符
CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707
问题摘要
There is a Grand Unified Bootloader (GRUB (External Link)) vulnerability, known as "BootHole (External Link)," that may allow for Secure Boot bypass.
详情
Dell is aware of a vulnerability in Grand Unified Bootloader (GRUB (External Link)), known as "BootHole (External Link)," that may allow for Secure Boot bypass.
The security of our products is critical to helping ensure our customers' data and systems are protected. See the following Dell Security Advisories for specific remediation details:
Dell Client Platforms
- CPG BIOS: DSA-2020-185
Dell Storage Products
- PowerFlex Rack: DSA-2020-216
- Data Protection Central: DSA-2020-218
- Avamar: DSA-2020-219
- Cloud Tiering Appliance: DSA-2020-228
- VxRail: DSA-2020-235
- Dell SRM: DSA-2020-247
- Cyber Recovery: DSA-2020-265
- DPSearch: DSA-2021-004
- IDPA ACM: DSA-2021-021
Note: Any nonsecurity updates or configuration changes required to support updates released by Operating System providers are communicated through product-specific technical support articles.
建议
Dell Technologies recommends that customers review their Operating System provider’s advisories for more information, including appropriate identification and mitigation measures.
- Canonical https://ubuntu.com/security/notices/USN-4432-1 (External Link)
- Debian https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot (External Link)
- Microsoft Guidance for Addressing Security Feature Bypass in GRUB (External Link)
- Red Hat https://access.redhat.com/security/vulnerabilities/grub2bootloader (External Link)
- SUSE https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/ and https://www.suse.com/support/kb/doc/?id=000019673 (External Link)
See the following technical support articles which provide additional information and context as it relates to Dell products:
- Dell Client Platforms Additional Information Regarding the "BootHole" (GRUB) Vulnerability
- Dell PowerEdge Servers Additional Information Regarding the March 2021 (GRUB) Vulnerability Disclosure
法律免责声明
受影响的产品
Product Security Information文章属性
文章编号: 000177589
文章类型: Security KB
上次修改时间: 17 3月 2026
版本: 9
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。