VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 3, 2021· Updated Aug 4, 2024

CVE-2020-14372

CVE-2020-14372

Description

GRUB2 prior to 2.06 allows privileged attackers to bypass Secure Boot by loading a crafted ACPI table that disables kernel lockdown, enabling unsigned code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

GRUB2 prior to 2.06 allows privileged attackers to bypass Secure Boot by loading a crafted ACPI table that disables kernel lockdown, enabling unsigned code execution.

Vulnerability

GRUB2 versions prior to 2.06 incorrectly allow the acpi command to be used even when UEFI Secure Boot is enabled [1]. This flaw permits a local attacker with root privileges to load a crafted Advanced Configuration and Power Interface (ACPI) table, specifically a Secondary System Description Table (SSDT), during the boot process [2]. The attacker must have write access to the /boot/efi partition and the ability to modify grub.cfg [2].

Exploitation

An attacker with root access on the system places a malicious SSDT in /boot/efi and alters grub.cfg to instruct GRUB2 to load that table at boot [2]. The SSDT is then executed by the Linux kernel and overwrites the kernel lockdown variable in memory, disabling the lockdown mechanism [1][2]. The attacker must first determine the memory address of the lockdown variable, which requires triaging the environment [2].

Impact

Successful exploitation defeats Secure Boot protections, allowing the attacker to load unsigned kernel modules and execute unsigned code via kexec [1]. This compromises system integrity, confidentiality, and availability, as the attacker can bypass kernel code signing requirements [1].

Mitigation

The vulnerability is fixed in GRUB2 version 2.06 [1]. Red Hat has released updates for Red Hat Enterprise Linux 7 and 8, and Gentoo recommends upgrading to >=sys-devel/grub-2.06_rc1 [1][4]. After updating, administrators must reinstall GRUB (e.g., grub-install) to apply the fix [4]. No workaround is available [4].

References
  1. RHSB-2021-003 ACPI Secure Boot vulnerability - GRUB 2 - (CVE-2020-14372) | Red Hat Customer Portal
  2. acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled
  3. Multiple vulnerabilities (GLSA 202104-05) — Gentoo security

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

39

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

5

News mentions

0

No linked articles in our index yet.