HP has been informed of a potential security vulnerability in GRUB2 bootloaders commonly used by Linux. This vulnerability, known as “There’s a Hole in the Boot” (also nicknamed “BootHole”), could allow bypass of UEFI Secure Boot and allow arbitrary code execution. Additional GRUB2 vulnerabilities found in response to the initial report were included in the coordinated public disclosure. More information on the vulnerabilities can be found in the Eclypsium blog: https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ (in English).

Note: Computers running Windows are vulnerable as long as they allow booting the vulnerable versions of GRUB2.

On March 2, 2021, additional GRUB2 vulnerabilities were disclosed. Information on these vulnerabilities is available in the advisories from OS vendors below.
VULNERABILITY SUMMARY
| Reference | Base Vector | Base Score |
|---|---|---|
| CVE-2020-10713 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 8.2 |
| CVE-2020-25647 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 7.6 |
| CVE-2020-14372 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 |
| CVE-2020-25632 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 |
| CVE-2020-27749 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 |
| CVE-2020-27779 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 |
| CVE-2021-20225 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 |
| CVE-2021-20233 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 |
| CVE-2020-14309 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 |
| CVE-2020-14308 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 |
| CVE-2020-15705 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 |
| CVE-2020-15706 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 |
| CVE-2020-15707 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 |
| CVE-2021-3418 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.4 |
| CVE-2020-14310 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 6.0 |
| CVE-2020-14311 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 6.0 |

| PI | HP Printing and Imaging |
| HF | HP Hardware and Firmware |
| GN | HP General Software |