GCVE - cpe:2.3:a:ubuntu:grub2_in_ubuntu:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ubuntu:grub2_in_ubuntu:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ubuntu (`54779f98-997b-58ec-a561-52dfa4086aae`)
Product	Grub2 In Ubuntu (`232dbd47-81b4-5ab7-b2cf-687d92dbc28c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-15707`	vulnerable	2026-06-03 14:41:46.307037	GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow. MEDIUM (5.7) Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. Published: 2020-07-29T17:45:34.577Z Updated: 2024-09-17T03:07:49.301Z Open on db.gcve.eu Reference links https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass http://ubuntu.com/security/notices/USN-4432-1 https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-15706`	vulnerable	2026-06-03 14:41:46.305615	GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing. MEDIUM (6.4) GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. Published: 2020-07-29T17:45:33.975Z Updated: 2024-09-16T22:20:56.598Z Open on db.gcve.eu Reference links https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass http://ubuntu.com/security/notices/USN-4432-1 https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-15705`	vulnerable	2026-06-03 14:41:46.287189	GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim MEDIUM (6.4) GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. Published: 2020-07-29T17:45:33.422Z Updated: 2024-09-17T00:06:01.169Z Open on db.gcve.eu Reference links https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass http://ubuntu.com/security/notices/USN-4432-1 https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.