As per the security research firm Eclypsium has made a new “BootHole” vulnerability, which would affect most of the Linux distributions as well as Windows devices using GRUB2 bootloader via Secure Boot.
In linux distros, GRUB2 is one of the most popular used bootloader where systems have turned out to vulnerable to attacks. Attackers can gain near-total control of the victim’s device, even after the Secure Boot is enabled.
Moreover, in very limited situations attack can be started where attackers must have root access to edit the config file of GRUB2. Operating systems are now using GRUB2 in order to mitigate BootHole flaw.
Linux Distros Respond To BootHole
Eclypsium has already taken in its steps and responsibly coordinated with major Linux vendors as well as OEMs. Hence, reacting to the BootHole, at Red Hat the security teams have released security fixes for its several affected products and are still in process for others as well.
An in-depth audit of GRUB2’s source code is being done by the Debian developers as they are well aware of BootHole. Debian 10 “buster” was marked as the first Debian which was released for supporting the UEFI Secure boot. All the fixes has been targeted considering the upcoming 10.5 point release which has been scheduled on August 1,2020.
Marcus Meissner, who is the lead of the SUSE Security Team, has come with the information that SUSE has also released new grub2 packages which would fix BootHole vulnerability for all SUSE Linux products. Alongside this, it has also released corresponding Linux kernel packages, cloud images, and installation media updates.
From the Canonical security team different Linux distros, Ubuntu 14.04 ESM, 18.04LTS, 16.04 LTS and 20.04LTS have got updates for GRUB2 bootloader in the 2.06 version.
So, if you are the user of any of the Linux distros with GRUB2 bootloader, you can find new updates in the system, specifically GRUB2 package. New patches will soon arrive for other Linux distros.