Risk Scores
EPSS Score
0.04%
10.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | grub2-unsigned | 2.04-1ubuntu44.2, 2.04-1ubuntu44, 0 |
| Ubuntu:16.04:LTS | grub2 | 2.02~beta2-36ubuntu3.16, 2.02~beta2-36ubuntu3.17, 2.02~beta2-36ubuntu3.18 |
| Ubuntu:20.04:LTS | grub2 | 2.04-1ubuntu20, 2.04-1ubuntu18, 2.04-1ubuntu16 |
| Ubuntu:Pro:14.04:LTS | grub2-signed | 1.34.8, 1.34.9, 1.34.13 |
| Ubuntu:Pro:14.04:LTS | grub2 | 2.02~beta2-9ubuntu1.15, 2.00-19ubuntu2, 2.00-19ubuntu3 |
| Ubuntu:18.04:LTS | grub2-signed | 1.93.8, 1.93.5, 1.93.4 |
| Ubuntu:16.04:LTS | grub2-unsigned | 0, 2.04-1ubuntu44, 2.04-1ubuntu44.1 |
| Ubuntu:16.04:LTS | grub2-signed | 1.61, 1.66.9, 1.66.11 |
| Ubuntu:18.04:LTS | grub2-unsigned | 0, 2.04-1ubuntu44, 2.04-1ubuntu44.1 |
| Ubuntu:18.04:LTS | grub2 | 2.02-2ubuntu2, 2.02-2ubuntu1, 2.02~beta3-4ubuntu7 |
| Ubuntu:20.04:LTS | grub2-signed | 1.130, 1.131, 1.133 |
Timeline
- Jul 29, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 23, 2021 EPSS Score
- Oct 24, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 25, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 28, 2022 EPSS Score
- Jun 29, 2022 EPSS Score
- Aug 31, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-14308 third-party-advisory
- https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ third-party-advisory
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass third-party-advisory
- https://www.openwall.com/lists/oss-security/2020/07/29/3 third-party-advisory
- https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html third-party-advisory
- https://ubuntu.com/security/notices/USN-4432-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-14308 third-party-advisory