“BootHole” GRUB2 Bootloader Secure Boot Bypass
As of July 29th, a buffer overflow vulnerability has been disclosed in the way that GRUB2 parses its configuration file, grub.cfg that can lead to full control over an affected system before OS boot. This bypass vulnerability has been assigned CVE-2020-10713. GRUB2 is utilized on almost all modern Linux systems, Windows systems since 2012 that utilize UEFI Secure Boot, as well as various kernels, hypervisor systems, and OEM products. Access to the grub.cfg file requires administrative access, but exploitation of this bootloader bypass could allow a persistence mechanisms with the highest levels of privilege upon boot. Updates to bootloaders typically are a slow process, as untested implementations can cause catastrophic effects to systems. Mitigation will require vendor patches. The major vendors affected include Microsoft, Oracle, Red Hat, Canonical, SuSE, Debian, Citrix, and VMware.
Note: Some vendor patches are preventing systems from booting in certain cases. Please use caution when applying patches. Digital Defense will continue to monitor vendor releases related to this condition.
Frontline.Cloud includes authenticated checks for this vulnerability.
*** This is a Security Bloggers Network syndicated blog from Digital Defense, Inc. authored by Digital Defense Inc.. Read the original post at: https://www.digitaldefense.com/vulnerability-research/boothole-grub2-bootloader/