cve/2020/CVE-2020-15706.md

### [CVE-2020-15706](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706)
![](https://img.shields.io/static/v1?label=Product&message=grub2%20in%20Ubuntu&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=20.04%20LTS%3C%202.04-1ubuntu26.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-362%20Race%20Condition%20(Concurrent%20Execution%20using%20Shared%20Resource%20with%20Improper%20Synchronization)&color=brighgreen)

### Description

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/DNTYO/F5_Vulnerability
- https://github.com/Jurij-Ivastsuk/WAXAR-shim-review
- https://github.com/Live-Hack-CVE/CVE-2020-15706
- https://github.com/NaverCloudPlatform/shim-review
- https://github.com/Rodrigo-NR/shim-review
- https://github.com/ctrliq/ciq-shim-build
- https://github.com/rhboot/shim-review
- https://github.com/synackcyber/BootHole_Fix
- https://github.com/vathpela/shim-review
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2020-15706](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706)`
			`![](https://img.shields.io/static/v1?label=Product&message=grub2%20in%20Ubuntu&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=20.04%20LTS%3C%202.04-1ubuntu26.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-362%20Race%20Condition%20(Concurrent%20Execution%20using%20Shared%20Resource%20with%20Improper%20Synchronization)&color=brighgreen)`

			`### Description`

			`GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/DNTYO/F5_Vulnerability`
			`- https://github.com/Jurij-Ivastsuk/WAXAR-shim-review`
			`- https://github.com/Live-Hack-CVE/CVE-2020-15706`
			`- https://github.com/NaverCloudPlatform/shim-review`
			`- https://github.com/Rodrigo-NR/shim-review`
			`- https://github.com/ctrliq/ciq-shim-build`
			`- https://github.com/rhboot/shim-review`
			`- https://github.com/synackcyber/BootHole_Fix`
			`- https://github.com/vathpela/shim-review`