What Should You Know About the GRUB2 Bootloader Vulnerability? | Cyware Alerts


Compromising the boot process can allow an attacker to subvert all higher-layer security controls related to the operating system. In July 2020, Eclypsium researchers discovered a buffer overflow vulnerability, dubbed BootHole, in the Grand Unified Bootloader version 2 (GRUB2), utilized by most Linux systems and dual-boot systems with Windows.

More about BootHole vulnerability

The vulnerability, which has a CVSS score of 8.2/10, exists in a core component of the UEFI Secure Boot process and can be used to gain arbitrary code execution during the boot process.

  • The vulnerability exists because of the way GRUB2 parses content from its configuration file, “grub.cfg,” located externally, in the EFI System partition.
  • The vulnerability can be used to tamper with the bootloader, or even replace it with a malicious version, allowing an attacker to insert and execute malicious code during the boot-loading process. It works even when servers or workstations have Secure Boot enabled.
  • This way attackers can also plant malicious code or highly persistent malware (bootkit) that has full control of the OS, launched at a later point.
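
Because the flaw is reached through grub.cfg on the EFI System partition, one defensive check is to baseline every copy of that file and alert on drift. The following is an added example, not code from Cyware or Eclypsium; the function names and the /boot/efi mount point are assumptions.

```python
import hashlib
import json
import os
import sys

def find_grub_cfgs(esp_root):
    """Relative paths of every grub.cfg under esp_root (FAT names are case-insensitive)."""
    found = []
    for dirpath, _dirs, files in os.walk(esp_root):
        for name in files:
            if name.lower() == "grub.cfg":
                found.append(os.path.relpath(os.path.join(dirpath, name), esp_root))
    return sorted(found)

def snapshot(esp_root):
    """Map each grub.cfg (relative path) to the SHA-256 of its contents."""
    digests = {}
    for rel in find_grub_cfgs(esp_root):
        with open(os.path.join(esp_root, rel), "rb") as fh:
            digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Sorted (status, path) findings; an empty list means no drift."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append(("removed", path))
        elif path not in baseline:
            findings.append(("added", path))
        elif baseline[path] != current[path]:
            findings.append(("modified", path))
    return findings

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_grub_cfg.py BASELINE.json [ESP_ROOT]")
    esp = sys.argv[2] if len(sys.argv) > 2 else "/boot/efi"  # assumed mount point
    now = snapshot(esp)
    if not os.path.exists(sys.argv[1]):
        with open(sys.argv[1], "w") as out:   # first run: record the baseline
            json.dump(now, out, indent=2)
        sys.exit(0)
    with open(sys.argv[1]) as fh:
        drift = compare(json.load(fh), now)
    for status, path in drift:
        print(status, path)
    sys.exit(1 if drift else 0)
```

Keep the baseline file off the monitored machine, and re-record it after legitimate bootloader or kernel updates, which may rewrite grub.cfg.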

Potential impact

A majority of modern systems, including laptops and desktops, servers and workstations, and a large number of Linux-based OT and IoT systems, are potentially affected by the vulnerability.

  • Any system that uses Secure Boot with the standard Microsoft UEFI CA is vulnerable.
  • Vendors including Microsoft, Canonical, UEFI Security Response Team (USRT), Red Hat, SUSE, Oracle, VMware, HP, Citrix, and other OEMs are expected to release BootHole patches soon.

Recent Bootloader vulnerabilities

  • In July 2020, three vulnerabilities (CVE-2020-11623, CVE-2020-11624, and CVE-2020-11625) were found in AvertX IP cameras, which enabled attackers with physical access to the Universal Asynchronous Receiver-Transmitter (UART) interface to tamper with the bootloader.
  • In November 2019, multiple vulnerabilities (CVE-2019-13103, CVE-2019-13104, CVE-2019-13105, and CVE-2019-13106) were found in Das U-Boot, a universal bootloader, which exposed Amazon Kindle, ARM Chromebooks, and networking hardware to code execution attacks.

Keeping safe

Security experts suggest keeping devices and firmware updated with the latest patches to prevent threats such as BootHole.
