CVE-2020-27779 - log back

CVE-2020-27779 edited at 02 Mar 2021 23:17:40
References
https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
+ https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=d298b41f90cbf1f2e5a10e29daa1fc92ddee52c9
CVE-2020-27779 edited at 02 Mar 2021 18:19:14
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Access restriction bypass
Description
+ The GRUB2's cutmem command does not honor Secure Boot locking. This allows an privileged attacker to remove address ranges from memory creating an opportunity to circumvent Secure Boot protections after proper triage of grub's memory layout.
References
+ https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Notes
CVE-2020-27779 created at 02 Mar 2021 18:10:44