GRUB2 and Secure Boot: a new vulnerability named BootHole is discovered


Nothing strange, no drama ... but yet another vulnerability has been discovered, CVE-2020-10713, which affects the GRUB2 bootloader and Secure Boot. A publication by the Eclypsium research team is behind the finding, which has been dubbed BootHole. Even Microsoft has published an entry on its security portal warning about it and stating that, for the moment, the fix is complicated.

BootHole is a buffer overflow vulnerability that affects billions of devices running GRUB2, and even others without GRUB2 that use Secure Boot, such as Windows. In the CVSS classification it has been scored 8.2 out of 10, which means high risk. An attacker could take advantage of it to execute arbitrary code (including malware) introduced during the boot process, even with Secure Boot enabled.

Network devices, servers, workstations, desktops and laptops, as well as other devices such as SBCs, certain mobile devices, IoT devices, etc., would all be affected.

Why did I start with "no drama"? Simple: news like this alarms users, but you should not worry excessively. In the "real" world, this vulnerability is not so easy to exploit. It does not allow remote code execution; otherwise it would be rated critical rather than just high. You can rest a little easier, because for malicious code to be executed the attacker would have to have physical access to the affected computer and also have privileges on it.

Furthermore, according to Eclypsium, it will be complicated to mitigate and it will take time to find a solution. It will require a thorough review of bootloaders, and vendors will have to release new versions of their bootloaders signed by the UEFI CA. Bringing down BootHole will require coordinated efforts between Microsoft, developers in the open source and collaborative community, and the other affected system owners.

In fact, they have drawn up a to-do list for fixing BootHole in GRUB2, which requires:

  • A patch to update GRUB2 and eliminate the vulnerability.
  • That Linux distribution developers and other vendors release the updates for their users, covering GRUB2, installers and shims.
  • That the new shims be signed by the Microsoft UEFI CA for third parties.
  • That operating system administrators update, obviously. This must cover the installed system, installer images and any recovery or boot media they have created.
  • That the UEFI Revocation List (dbx) also be updated in the firmware of each affected system, to prevent the vulnerable code from executing during boot.
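The last item on that list, the dbx update, is a blob of EFI_SIGNATURE_LIST structures that the firmware stores as a variable. What follows is an added example, not code from the article or from Eclypsium: a small Python parser that reads a db/dbx blob in the layout the UEFI specification defines (including the 4-byte attribute word that efivarfs prepends when you read the variable from /sys/firmware/efi/efivars), lists every entry it revokes, and rejects a truncated or inconsistent blob instead of silently misreading it. The sample blob, its owner GUID and its hashes are constructed placeholders, not the real BootHole revocation entries.

```python
"""Inspect a UEFI signature database blob (db or dbx) entry by entry.

Added example for this article, not code from the article or from Eclypsium.
It assumes the EFI_SIGNATURE_LIST / EFI_SIGNATURE_DATA layout from the UEFI
specification; the sample blob below is constructed here with placeholder
hashes, not the real BootHole dbx entries.
"""
import hashlib
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
SIGNATURE_TYPES = {EFI_CERT_SHA256_GUID: "sha256", EFI_CERT_X509_GUID: "x509"}

# EFI_SIGNATURE_LIST header: SignatureType GUID, then SignatureListSize,
# SignatureHeaderSize and SignatureSize as little-endian uint32.
LIST_HDR = struct.Struct("<16sIII")
OWNER_LEN = 16  # each EFI_SIGNATURE_DATA begins with a SignatureOwner GUID


def strip_efivarfs_attributes(raw: bytes) -> bytes:
    """efivarfs prepends a 4-byte attribute word to every variable it exposes
    (e.g. /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f);
    drop it so the rest parses as plain signature lists."""
    if len(raw) < 4:
        raise ValueError("efivarfs blob too short to carry an attribute word")
    return raw[4:]


def parse_signature_lists(blob: bytes):
    """Return a list of (type, owner, data) tuples, one per signature entry.

    Raises ValueError on truncated or inconsistent headers, which is what a
    corrupted or badly extracted dbx update looks like and must not be applied.
    """
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < LIST_HDR.size:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        type_raw, list_size, hdr_size, sig_size = LIST_HDR.unpack_from(blob, off)
        if list_size < LIST_HDR.size + hdr_size or off + list_size > len(blob):
            raise ValueError(f"bad SignatureListSize {list_size} at offset {off}")
        if sig_size <= OWNER_LEN:
            raise ValueError(f"bad SignatureSize {sig_size} at offset {off}")
        body = blob[off + LIST_HDR.size + hdr_size : off + list_size]
        if len(body) % sig_size:
            raise ValueError(f"list at offset {off} is not a whole number of signatures")
        kind = SIGNATURE_TYPES.get(uuid.UUID(bytes_le=type_raw), "unknown")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i : i + OWNER_LEN])
            entries.append((kind, owner, bytes(body[i + OWNER_LEN : i + sig_size])))
        off += list_size
    return entries


def revoked_sha256(blob: bytes) -> set:
    """Hex digests of every SHA-256 entry in the blob (the form dbx uses to
    revoke individual binaries rather than whole signing certificates)."""
    return {data.hex() for kind, _, data in parse_signature_lists(blob) if kind == "sha256"}


def is_hash_revoked(blob: bytes, image_sha256_hex: str) -> bool:
    """True if the given Authenticode SHA-256 of a boot binary is in the blob."""
    return image_sha256_hex.lower() in revoked_sha256(blob)


def build_list(sig_type: uuid.UUID, owner: uuid.UUID, payloads) -> bytes:
    """Assemble one EFI_SIGNATURE_LIST; all payloads in a list share one size."""
    sizes = {len(p) for p in payloads}
    if len(sizes) != 1:
        raise ValueError("all signatures in one list must have the same size")
    body = b"".join(owner.bytes_le + p for p in payloads)
    sig_size = OWNER_LEN + sizes.pop()
    return LIST_HDR.pack(sig_type.bytes_le, LIST_HDR.size + len(body), 0, sig_size) + body


# Constructed sample: two placeholder binary hashes plus one placeholder
# "certificate" blob, under a made-up owner GUID. Not real dbx content.
SAMPLE_OWNER = uuid.UUID("00000000-0000-0000-0000-00000000beef")
SAMPLE_HASHES = [hashlib.sha256(b"placeholder-binary-1").digest(),
                 hashlib.sha256(b"placeholder-binary-2").digest()]
SAMPLE_CERT = b"\x30\x82" + b"\x00" * 18  # stand-in for a DER certificate
SAMPLE_DBX = (build_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, SAMPLE_HASHES)
              + build_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [SAMPLE_CERT]))

if __name__ == "__main__":
    for kind, owner, data in parse_signature_lists(SAMPLE_DBX):
        print(f"{kind:7} owner={owner} {data[:8].hex()}... ({len(data)} bytes)")
```

Against a real system, feed `strip_efivarfs_attributes(open(path, "rb").read())` with the efivars path to `parse_signature_lists`. Checking the Authenticode hashes of the shim and GRUB binaries on your ESP against `revoked_sha256` before and after applying a dbx update is how you confirm the update covers the old bootloaders and, just as important, does not revoke the one you still boot from, which is one of the ways a firmware update leaves a machine unable to boot.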

The worst thing is that, when it comes to firmware, you have to be very careful not to end up with problems and computers left bricked.

At the moment, companies such as Red Hat, HP, Debian, SUSE, Canonical, Oracle, Microsoft, VMware, Citrix, the UEFI Security Response Team and OEMs, as well as software providers, are already working to solve it. However, we will have to wait to see the first patches.

UPDATE

But underestimating the effectiveness of the developers and the community would be foolish. There are already several candidate patches to mitigate it coming from companies like Red Hat, Canonical, etc. They have flagged the issue as a top priority and it is paying off.

The problem? These patches are causing additional problems. It reminds me of what happened with the Meltdown and Spectre patches: sometimes the remedy is worse than the disease ...

