Critical Vulnerability Information

Vulnerability Overview

The vulnerabilities primarily affect GRUB2, with one related issue in the Linux kernel. They allow unauthorized code to run during boot on systems with UEFI Secure Boot enabled and bypass the kernel lockdown mechanism that Secure Boot is meant to guarantee: an attacker who can already modify the boot loader's configuration or filesystem data (local root or physical access) gains code execution inside GRUB2 before the kernel starts and can then load unsigned kernels or modules.

Vulnerability Details

GRUB2-Related CVEs

CVE-2020-10713 - CVSS Score: 8.2 - Description: BootHole, discovered by Eclypsium. A buffer overflow in GRUB2's parsing of grub.cfg, a file that is not covered by Secure Boot signature checks, gives arbitrary code execution inside the boot loader and so allows unsigned kernels to be loaded on systems with Secure Boot enabled.

CVE-2020-14308 - CVSS Score: 6.4 - Description: grub2: grub_malloc does not validate the allocation size, allowing an arithmetic overflow and a subsequent heap-based buffer overflow.

CVE-2020-14309 - CVSS Score: 5.7 - Description: grub2: integer overflow in grub_squash_read_symlink may lead to a heap-based buffer overflow.

CVE-2020-14310 - CVSS Score: 5.7 - Description: grub2: integer overflow in read_section_as_string may lead to a heap-based buffer overflow.

CVE-2020-14311 - CVSS Score: 5.7 - Description: grub2: integer overflow in grub_ext2_read_link may lead to a heap-based buffer overflow.

CVE-2020-15706 - CVSS Score: 6.4 - Description: grub2: use-after-free when a script function is redefined while that same function is still executing.

CVE-2020-15707 - CVSS Score: 5.7 - Description: grub2: integer overflow in initrd size handling.

Linux Kernel-Related CVEs

CVE-2020-15780 - CVSS Score: 6.4 - Description: kernel: ACPI tables injected through configfs (drivers/acpi/acpi_configfs.c) were accepted even when the kernel was locked down, letting a root user bypass lockdown and the Secure Boot restrictions it enforces. The fix rejects ACPI table loading while lockdown is active.

Mitigation Measures

- Install the fixed GRUB2, shim and kernel packages from your distribution.
- Update the UEFI revocation list (the dbx variable) so that the firmware refuses to execute the old, vulnerable signed boot loaders. Do not rely solely on upgrading the vulnerable binaries: as long as the firmware still trusts the old shim/GRUB2 signatures, an attacker can reinstall a vulnerable but validly signed copy and exploit it.
- A dbx update must be signed by a key held in the firmware's Key Exchange Key (KEK) database. Microsoft publishes dbx updates signed with its KEK, which most x86 firmware carries, and hardware vendors may release their own KEK-signed dbx updates as part of firmware updates.
- Caveat: once the revocation list is applied, systems that still run the old shim/GRUB2/kernel combination, and old installation or recovery media, will no longer boot with Secure Boot enabled. Refresh bootable media before applying the revocation, or be prepared to disable Secure Boot temporarily for recovery.
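As an added example (not code from the advisory or from any of the projects it covers), the script below reads the UEFI dbx forbidden-signature database the revocation-list mitigation updates, walks its EFI_SIGNATURE_LIST entries and reports whether a given image hash is revoked. The signature-type GUIDs and the efivarfs file layout (a 4-byte attribute prefix before the variable data) follow the UEFI specification and Linux efivarfs; the efivarfs paths are assumed to be the standard ones under /sys/firmware/efi/efivars. The sample dbx blob, its owner GUID and its hashes are constructed for this example so it runs offline.

```python
# Added example (not from the advisory): parse the UEFI dbx forbidden-signature
# database and check whether a given SHA-256 image hash has been revoked.
# GUIDs and the efivarfs layout come from the UEFI spec and Linux; the sample
# dbx blob at the bottom is constructed for this example, not real data.
import hashlib
import os
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# efivarfs exposes each variable as <Name>-<VendorGuid>; the file content is
# 4 bytes of variable attributes followed by the variable data (assumed paths).
DBX_EFIVAR = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"
SECUREBOOT_EFIVAR = "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# SignatureType(16) + SignatureListSize(4) + SignatureHeaderSize(4) + SignatureSize(4)
SIGLIST_HDR = 28


def parse_signature_lists(blob):
    """Walk an array of EFI_SIGNATURE_LIST structures.

    Returns a list of (signature_type_guid, owner_guid, signature_data) tuples,
    one per EFI_SIGNATURE_DATA entry. Raises ValueError on a malformed blob
    instead of trusting the embedded sizes blindly.
    """
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < SIGLIST_HDR:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=bytes(blob[off:off + 16]))
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < SIGLIST_HDR + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize at offset %d" % off)
        if sig_size < 16:  # every EFI_SIGNATURE_DATA starts with a 16-byte owner GUID
            raise ValueError("bad SignatureSize at offset %d" % off)
        body = blob[off + SIGLIST_HDR + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature list body is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=bytes(body[i:i + 16]))
            entries.append((sig_type, owner, bytes(body[i + 16:i + sig_size])))
        off += list_size
    return entries


def revoked_sha256_hashes(blob):
    """Set of hex-encoded image hashes (EFI_CERT_SHA256 entries) in the blob."""
    return {d.hex() for t, _, d in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}


def revoked_x509_certs(blob):
    """List of DER certificate blobs (EFI_CERT_X509 entries) in the blob."""
    return [d for t, _, d in parse_signature_lists(blob) if t == EFI_CERT_X509_GUID]


def dbx_contains(blob, sha256_hex):
    """True if the given Authenticode SHA-256 image hash is revoked by this dbx."""
    return sha256_hex.lower() in revoked_sha256_hashes(blob)


def read_efivar(path):
    """Read an efivarfs variable, dropping the 4-byte attribute prefix."""
    with open(path, "rb") as f:
        return f.read()[4:]


def secure_boot_enabled(path=SECUREBOOT_EFIVAR):
    """True if the firmware reports Secure Boot as enabled (SecureBoot == 1)."""
    try:
        return read_efivar(path) == b"\x01"
    except OSError:
        return False  # no efivarfs: legacy BIOS boot, or not running on Linux


def build_signature_list(sig_type, owner, datas):
    """Serialize one EFI_SIGNATURE_LIST; all entries must have equal length."""
    assert len({len(d) for d in datas}) == 1
    sig_size = 16 + len(datas[0])
    body = b"".join(owner.bytes_le + d for d in datas)
    return sig_type.bytes_le + struct.pack("<III", SIGLIST_HDR + len(body), 0, sig_size) + body


# Constructed sample dbx: two revoked image hashes plus one placeholder "certificate".
# The owner GUID, hashes and certificate bytes are made up for this example.
SAMPLE_OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")
SAMPLE_HASHES = [hashlib.sha256(b"constructed sample boot loader %d" % i).digest() for i in (1, 2)]
SAMPLE_DBX = (build_signature_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, SAMPLE_HASHES)
              + build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [b"not a real DER certificate"]))


if __name__ == "__main__":
    blob = read_efivar(DBX_EFIVAR) if os.path.exists(DBX_EFIVAR) else SAMPLE_DBX
    print("Secure Boot enabled:", secure_boot_enabled())
    print("dbx: %d revoked hashes, %d revoked certificates"
          % (len(revoked_sha256_hashes(blob)), len(revoked_x509_certs(blob))))
    print("sample hash revoked:", dbx_contains(blob, SAMPLE_HASHES[0].hex()))
```

Run it as root on a UEFI system to see the live dbx; elsewhere it falls back to the constructed sample. To check whether a specific shim or GRUB2 binary is revoked, pass its Authenticode (PE image) hash to dbx_contains, as computed by a PE-aware tool such as pesign or sbsigntools; a plain sha256sum of the file is a different value and will never match a dbx entry.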