This week, firmware security company Eclypsium reported that billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue (CVE-2020-10713), dubbed BootHole, that can be exploited to install a stealthy malware.
According to researchers from the firmware security firm Eclypsium, which discovered the issue, the BootHole flaw affects any operating system that uses GRUB2 with Secure Boot.
GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB Legacy boot loader, which is now referred to as “GRUB Legacy”. The mechanism is designed to protect the boot process from attacks.
Immediately after the disclosure of the issue maintainers of major Linux distributions have started releasing updated packages to fix it.
Red Hat confirmed that the BootHole impacts Enterprise Linux 7 and 8, Atomic Host, and the OpenShift Container Platform 4.
The company recommended users to update their grub2, kernel, fwupdate, fwupd, shim and dbxtool packages.
Unfortunately, users that updated the packaged started reporting that their systems failed to boot.
“Applying the RHSA-2020:3216 grub2 security update and the RHSA-2020:3218 kernel security and bug fix update on a fresh “minimal” installation of RHEL 8.2 renders the system unbootable.” reads a ticket opened on Red Hat’s bug tracker.
Steps to Reproduce: 1. Install RHEL 8.2 "minimal" version from Binary DVD iso downloaded on 7/29/2020 on system running in EFI mode 2. Apply current updates as of 7/29/2020 with "yum update" 3. Reboot system Actual results: System hangs after POST and the grub menu never loads
Now Red Hat has updated its advisory recommending users to avoid updating the grub2, fwupd, fwupdate or shim packages until new packages will be available.
Red Hat has released instructions for how users who have already installed the buggy updates can restore their system. The company says it has identified the cause of the problem and is working on a fix.
Red Hat Enterprise Linux 7.8 and 8.2 are confirmed to be impacted, versions 7.9 and 8.1 EUS could also be affected.
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, BootHole)