This week, firmware security company Eclypsium reported that billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue (CVE-2020-10713), dubbed BootHole, that can be exploited to install a stealthy malware.
According to researchers from the firmware security firm Eclypsium, which discovered the issue, the BootHole flaw affects any operating system that uses GRUB2 with Secure Boot.
GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB Legacy boot loader, which is now referred to as “GRUB Legacy”. The mechanism is designed to protect the boot process from attacks.
Immediately after the disclosure of the issue maintainers of major Linux distributions have started releasing updated packages to fix it.
Red Hat confirmed that the BootHole impacts Enterprise Linux 7 and 8, Atomic Host, and the OpenShift Container Platform 4.
The company recommended users to update their grub2, kernel, fwupdate, fwupd, shim and dbxtool packages.
Unfortunately, users that updated the packaged started reporting that their systems failed to boot.
“Applying the RHSA-2020:3216 grub2 security update and the RHSA-2020:3218 kernel security and bug fix update on a fresh “minimal” installation of RHEL 8.2 renders the system unbootable.” reads a ticket opened on Red Hat’s bug tracker.
Steps to Reproduce: 1. Install RHEL 8.2 "minimal" version from Binary DVD iso downloaded on 7/29/2020 on system running in EFI mode 2. Apply current updates as of 7/29/2020 with "yum update" 3. Reboot system Actual results: System hangs after POST and the grub menu never loads
Now Red Hat has updated its advisory recommending users to avoid updating the grub2, fwupd, fwupdate or shim packages until new packages will be available.
Red Hat has released instructions for how users who have already installed the buggy updates can restore their system. The company says it has identified the cause of the problem and is working on a fix.
Red Hat Enterprise Linux 7.8 and 8.2 are confirmed to be impacted, versions 7.9 and 8.1 EUS could also be affected.
(SecurityAffairs – hacking, BootHole)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.