“BootHole” Vulnerability in GRUB2 Bootloader Affects Billions of Windows and Linux Devices

A team of cybersecurity researchers has recently discovered a new high-risk vulnerability in the GRUB2 bootloader, named ‘BootHole’, which affects billions of Windows and Linux devices.

The vulnerability affects servers, workstations, laptops, desktops, and IoT systems running any Linux distribution or Windows system, all over the world.

According to the researchers, threat actors exploit this flaw so that they can interfere with the boot process and control how the operating system (OS) is loaded, bypassing security controls.

BootHole

BootHole is tracked as CVE-2020-10713. It is a buffer overflow vulnerability that affects nearly all versions of GRUB2 and lies in the way GRUB2 parses content from its config file, which typically is not signed like other files and executables.

This leaves an opportunity for attackers to defeat the hardware root of trust mechanism. BootHole is a severe flaw with a CVSS score of 8.2, and it resides in the GRand Unified Bootloader 2 (GRUB2).

It also affects systems that run Secure Boot, even if they are not using GRUB2.

GRUB2 Bootloader flaw

“‘BootHole’ is a buffer overflow vulnerability, and the files of GRUB2 remain in the EFI system partition. If threat actors want to modify the file, they will require an initial foothold on the system that they want to attack, along with admin privileges, which would in time offer the attacker an extra increase of chance and endurance on the device,” researchers from Eclypsium said.

The bootloader flaw enables an attacker to perform arbitrary code execution in the UEFI execution context, which could later be used to run malware, alter the boot process, directly patch the OS kernel, or carry out any number of other malicious actions.

Mitigation

Fully mitigating this vulnerability requires coordinated efforts from several entities, such as the affected open-source projects, Microsoft, and the owners of affected systems. The experts have listed the following mitigations:

  • First, GRUB2 needs to be updated to address the vulnerability.
  • Next, Linux distributions and other vendors using GRUB2 will need to update their installers, bootloaders, and shims as well.
  • New shims will need to be signed by the Microsoft 3rd Party UEFI CA.
  • All affected devices will need updates to their installed OS versions, including installer images and disaster recovery media.
  • The UEFI revocation list (dbx) needs to be updated in the firmware of each affected system to stop the vulnerable code from running during boot.
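
To verify the last step on a given machine, a defender can parse the dbx variable and check whether a boot image's hash is listed. The following is an added example, not code from the researchers or from any vendor; it reads the EFI_SIGNATURE_LIST layout defined in the UEFI specification, and the function names and sample data are constructed for illustration. It assumes the caller supplies the image's Authenticode SHA-256 hash (not a plain file digest), and it does not evaluate certificate-based revocations.

```python
import struct
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# EFI_SIGNATURE_LIST header: type GUID, list size, header size, entry size.
LIST_HEADER = struct.Struct("<16sIII")


def parse_dbx_sha256(blob, efivarfs=False):
    """Return the set of SHA-256 digests (hex) found in a dbx database.

    blob is a sequence of EFI_SIGNATURE_LIST structures. Set efivarfs=True
    when the bytes come from Linux efivarfs, which prepends 4 attribute bytes.
    """
    pos = 4 if efivarfs else 0
    digests = set()
    while pos < len(blob):
        if len(blob) - pos < LIST_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_guid, list_size, hdr_size, sig_size = LIST_HEADER.unpack_from(blob, pos)
        if list_size < LIST_HEADER.size + hdr_size or pos + list_size > len(blob):
            raise ValueError("EFI_SIGNATURE_LIST size out of bounds")
        if uuid.UUID(bytes_le=type_guid) == EFI_CERT_SHA256:
            if sig_size != 16 + 32:
                raise ValueError("unexpected SHA-256 entry size")
            start = pos + LIST_HEADER.size + hdr_size
            # Each entry: 16-byte owner GUID followed by the 32-byte digest.
            for off in range(start, pos + list_size - sig_size + 1, sig_size):
                digests.add(blob[off + 16:off + 48].hex())
        pos += list_size  # other list types (e.g. X.509 certificates) are skipped
    return digests


def is_revoked(image_hash_hex, blob, efivarfs=False):
    """True if the image's Authenticode SHA-256 hash is listed in dbx."""
    return image_hash_hex.lower() in parse_dbx_sha256(blob, efivarfs)


def build_sample_dbx(hashes, owner=uuid.UUID(int=0)):
    """Constructed test data: one SHA-256 list with an efivarfs-style prefix."""
    body = b"".join(owner.bytes_le + bytes.fromhex(h) for h in hashes)
    header = LIST_HEADER.pack(EFI_CERT_SHA256.bytes_le,
                              LIST_HEADER.size + len(body), 0, 48)
    return b"\x27\x00\x00\x00" + header + body
```

On Linux the live variable is exposed at /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f and should be parsed with efivarfs=True.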

Affected Parties

  • Oracle
  • Red Hat
  • Microsoft
  • UEFI Security Response Team (USRT)
  • Debian
  • Various OEMs
  • Citrix
  • SuSE (SLES and OpenSUSE)
  • Canonical (Ubuntu)
  • Many Software vendors
  • VMware

Security experts advise users to apply all security patches to protect themselves from this kind of vulnerability. The experts are also thoroughly investigating BootHole and will soon publish updated information about the vulnerability.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.