What Should You Know About the GRUB2 Bootloader Vulnerability?

More about BootHole vulnerability

• The vulnerability exists because of the way GRUB2 parses content from its configuration file, “grub.cfg,” located externally, in the EFI System partition.
• The vulnerability can be used to tamper with the bootloader, or even replace it with a malicious version, allowing an attacker to insert and execute malicious code during the boot-loading process. It works even when servers or workstations have Secure Boot enabled.
• This way attackers can also plant malicious code or highly persistent malware (bootkit) that has full control of the OS, launched at a later point.

Potential impact

• Any system that uses Secure Boot with the standard Microsoft UEFI CA is vulnerable.
• Vendors including Microsoft, Canonical, UEFI Security Response Team (USRT), Red Hat, SuSE, Oracle, VMWare, HP, Citrix, and other OEMs are expected to release BootHole patches soon.

Recent Bootloader vulnerabilities

• In July 2020, three vulnerabilities (CVE-2020-11623, CVE-2020-11624, and CVE-2020-11625) were found in AvertX IP cameras, which enabled attackers with physical access to the Universal Asynchronous Receiver-Transmitter (UART) interface to tamper its bootloader.
• In November 2019, multiple vulnerabilities (CVE-2019-13103, CVE-2019-13104, CVE-2019-13105, and CVE-2019-13106) were found in Das U-Boot, a universal bootloader, which exposed Amazon Kindle, ARM Chromebooks, and networking hardware open to code execution attacks.

Keeping safe