Bug 1168994 (CVE-2020-10713) - VUL-0: CVE-2020-10713: grub2: parsing overflows can bypass secure boot restrictions
Summary: VUL-0: CVE-2020-10713: grub2: parsing overflows can bypass secure boot restri...
Status: RESOLVED FIXED
: 1199353 (view as bug list)
Alias: CVE-2020-10713
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/256760/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-10713:8.2:(AV...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-08 14:06 UTC by Marcus Meissner
Modified: 2023-05-11 06:50 UTC (History)
22 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch (2.51 KB, patch)
2020-04-27 07:06 UTC, Wolfgang Frisch 		Details | Diff
embargo_disclosure20200625.pdf (421.21 KB, application/pdf)
2020-06-26 15:15 UTC, Marcus Meissner 		Details
DBXrevocation.zip (53.75 KB, application/zip)
2020-07-20 08:58 UTC, Marcus Meissner 		Details
researchers paper (there is a hole in the boot) (827.87 KB, application/pdf)
2020-07-27 19:59 UTC, Marcus Meissner 		Details
grub.cfg (74.06 KB, text/plain)
2020-07-29 08:32 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 Marcus Meissner 2020-04-08 14:08:20 UTC 
CRD: 2020-08-30
or later
Comment 7 Johannes Segitz 2020-05-13 08:16:04 UTC 
Taking Gary into CC. Canonical want's to blacklist older grub versions via dbx. They're asking if other distros want to do the same and if we want to share one common blacklist to prevent our shim from booting their vulnerable grub.

@Gary: Do we have existing blacklist entries?
Comment 8 Marcus Meissner 2020-05-13 08:27:11 UTC 
I actually went through our packages, we do not have them.

I have started packaging dbxtool, that also includes the database, but they have only verison 7 out while verison 8 is tagged.
Comment 9 Gary Ching-Pang Lin 2020-05-13 08:43:35 UTC 
(In reply to Johannes Segitz from comment #7)
> Taking Gary into CC. Canonical want's to blacklist older grub versions via
> dbx. They're asking if other distros want to do the same and if we want to
> share one common blacklist to prevent our shim from booting their vulnerable
> grub.
> 
> @Gary: Do we have existing blacklist entries?

hmmm now I see why dbx was mentioned in some tweets and blogs suddenly.

I don't think that we have the blacklist of our efi programs. If we want block grub2 through dbx, then we have to list all the hashes of released grub.efi binaries, and it probably won't be a small table. Besides, after applying the dbx list, the machine will reject all old SLE DVDs. We have to think twice on this.
Comment 41 Marcus Meissner 2020-06-26 15:15:52 UTC 
Created attachment 839144 [details]
embargo_disclosure20200625.pdf

embargo_disclosure20200625.pdf  from 25.6.

Microsoft now wants our shims lists...
Comment 82 Marcus Meissner 2020-07-20 08:58:03 UTC 
Created attachment 839851 [details]
DBXrevocation.zip

The current DBXrevocation.zip set.

Interestingly, in the spreadsheet:

- no redhat
- canonical and debian keys
- canonical shims
- oracle shims

The list of PESIGN hashes in there also already include several (but not all) of the SUSE shims.
Comment 83 Marcus Meissner 2020-07-20 09:18:23 UTC 
10 of our shims are inthe DbX already, 3 are not.
Comment 91 Marcus Meissner 2020-07-27 19:59:49 UTC 
Created attachment 840088 [details]
researchers paper (there is a hole in the boot)

researchers paper
Comment 93 Marcus Meissner 2020-07-29 08:32:26 UTC 
Created attachment 840131 [details]
grub.cfg

QA REPRODUCER:

grub2-emu  < return >
configfile grub.cfg < return > 

should not crash
Comment 96 Marcus Meissner 2020-07-29 17:02:49 UTC 
Now public via

https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
Comment 98 Swamp Workflow Management 2020-07-29 22:13:22 UTC 
SUSE-SU-2020:2073-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    grub2-2.02-19.48.1
SUSE Linux Enterprise Server 15-LTSS (src):    grub2-2.02-19.48.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    grub2-2.02-19.48.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    grub2-2.02-19.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 99 Swamp Workflow Management 2020-07-29 22:14:40 UTC 
SUSE-SU-2020:2076-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1084632,1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE OpenStack Cloud 7 (src):    grub2-2.02~beta2-115.49.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    grub2-2.02~beta2-115.49.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    grub2-2.02~beta2-115.49.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    grub2-2.02~beta2-115.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 100 Swamp Workflow Management 2020-07-29 22:15:58 UTC 
SUSE-SU-2020:2079-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1084632,1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    grub2-2.02-4.53.1
SUSE OpenStack Cloud 8 (src):    grub2-2.02-4.53.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    grub2-2.02-4.53.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    grub2-2.02-4.53.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    grub2-2.02-4.53.1
SUSE Enterprise Storage 5 (src):    grub2-2.02-4.53.1
HPE Helion Openstack 8 (src):    grub2-2.02-4.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 101 Swamp Workflow Management 2020-07-29 22:17:09 UTC 
SUSE-SU-2020:2078-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    grub2-2.02-12.31.1
SUSE OpenStack Cloud 9 (src):    grub2-2.02-12.31.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    grub2-2.02-12.31.1
SUSE Linux Enterprise Server 12-SP5 (src):    grub2-2.02-12.31.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    grub2-2.02-12.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 102 Swamp Workflow Management 2020-07-29 22:19:05 UTC 
SUSE-SU-2020:2074-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    grub2-2.04-9.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    grub2-2.04-9.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 103 Swamp Workflow Management 2020-07-29 22:21:06 UTC 
SUSE-SU-2020:2077-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    grub2-2.02-26.25.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    grub2-2.02-26.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 104 Swamp Workflow Management 2020-07-29 22:22:20 UTC 
SUSE-SU-2020:14440-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1084632,1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    grub2-2.00-0.66.15.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    grub2-2.00-0.66.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 105 OBSbugzilla Bot 2020-08-04 08:40:27 UTC 
This is an autogenerated message for OBS integration:
This bug (1168994) was mentioned in
https://build.opensuse.org/request/show/824278 15.2 / shim
Comment 109 Swamp Workflow Management 2020-08-08 16:14:19 UTC 
openSUSE-SU-2020:1168-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    grub2-2.02-lp151.21.21.4
Comment 110 Swamp Workflow Management 2020-08-08 16:16:14 UTC 
openSUSE-SU-2020:1169-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1168994,1173812,1174463,1174570
CVE References: CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    grub2-2.04-lp152.7.3.4
Comment 116 OBSbugzilla Bot 2020-08-24 09:20:28 UTC 
This is an autogenerated message for OBS integration:
This bug (1168994) was mentioned in
https://build.opensuse.org/request/show/828869 15.2 / shim
Comment 118 Michael Chang 2020-08-26 05:29:49 UTC 
The patch has been submitted so changing the status accordingly.
Comment 119 Wolfgang Frisch 2020-08-26 06:55:55 UTC 
Please reassign completed bugs to security-team@suse.de
Comment 121 Swamp Workflow Management 2020-08-27 22:16:34 UTC 
openSUSE-RU-2020:1274-1: An update that has 9 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1113225,1121268,1153953,1168104,1168994,1173411,1174320,1175626,1175656
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    shim-15+git47-lp152.4.5.1
Comment 124 Wolfgang Frisch 2020-09-02 08:28:56 UTC 
Resolved.
Comment 125 Swamp Workflow Management 2020-09-14 19:14:46 UTC 
SUSE-SU-2020:2629-1: An update that solves one vulnerability and has 8 fixes is now available.

Category: security (moderate)
Bug References: 1113225,1121268,1153953,1168104,1168994,1173411,1174320,1175626,1175656
CVE References: CVE-2020-10713
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    shim-15+git47-3.8.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    shim-15+git47-3.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 126 Swamp Workflow Management 2020-09-14 19:16:04 UTC 
SUSE-SU-2020:2628-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1168994,1175626,1175656
CVE References: CVE-2020-10713
JIRA References: 
Sources used:
SUSE OpenStack Cloud 7 (src):    shim-15+git47-22.8.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    shim-15+git47-22.8.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    shim-15+git47-22.8.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    shim-15+git47-22.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 127 Swamp Workflow Management 2020-09-14 19:18:48 UTC 
SUSE-SU-2020:2626-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1168994,1175626,1175656
CVE References: CVE-2020-10713
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    shim-15+git47-7.15.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    shim-15+git47-7.15.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    shim-15+git47-7.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 128 Swamp Workflow Management 2020-09-14 19:19:57 UTC 
SUSE-SU-2020:2627-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1168994,1175626,1175656
CVE References: CVE-2020-10713
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    shim-15+git47-25.11.1
SUSE OpenStack Cloud Crowbar 8 (src):    shim-15+git47-25.11.1
SUSE OpenStack Cloud 9 (src):    shim-15+git47-25.11.1
SUSE OpenStack Cloud 8 (src):    shim-15+git47-25.11.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    shim-15+git47-25.11.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    shim-15+git47-25.11.1
SUSE Linux Enterprise Server 12-SP5 (src):    shim-15+git47-25.11.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    shim-15+git47-25.11.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    shim-15+git47-25.11.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    shim-15+git47-25.11.1
SUSE Enterprise Storage 5 (src):    shim-15+git47-25.11.1
HPE Helion Openstack 8 (src):    shim-15+git47-25.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 129 Swamp Workflow Management 2020-09-15 13:15:22 UTC 
SUSE-SU-2020:14490-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1168994,1175626,1175656
CVE References: CVE-2020-10713
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    shim-15+git47-12.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 135 Andreas Färber 2022-05-09 15:03:59 UTC 
*** Bug 1199353 has been marked as a duplicate of this bug. ***