Recently, security research firm Eclypsium made public a new “BootHole” vulnerability, which affects most Linux distributions and Windows devices using GRUB2 bootloader with Secure Boot.
Since GRUB2 is the most popular and used bootloader in Linux distros, systems are now vulnerable to attacks. Even when Secure Boot is enabled, attackers can gain near-total control of the victim’s device.
However, the attack can be initiated in very limited situations where attackers must have root access to edit the GRUB2 config file. Now to mitigate BootHole flaw, operating systems using GRUB2 with Secure Boot need new signed installers and bootloaders.
Fortunately, Eclypsium has already responsibly coordinated with major Linux vendors and OEMs. Hence, in response to BootHole, security teams at Red Hat have released security fixes for its several affected products and are still in process for others as well.
Debian developers are also aware of BootHole and are doing an in-depth audit of GRUB2’s source code. Since Debian 10 “buster” was the first Debian release to include support for UEFI Secure Boot, the security team has targeted including all fixes in the upcoming 10.5 point release on August 1, 2020.
Marcus Meissner, the lead of the SUSE Security Team, informed that SUSE has also released new grub2 packages that fix BootHole vulnerability for all SUSE Linux products. Alongside this, it has also released corresponding Linux kernel packages, cloud images, and installation media updates.
So, if you’re using any of these Linux distros with GRUB2 bootloader, you should update your system, specifically GRUB2 packages, as provided by the distro maintainers. For other Linux distros, new patches will soon arrive.