BootHole Vulnerability: Affecting both Linux and Windows via GRUB2 bootloader


The BootHole vulnerability resides in the GRUB2 bootloader and, if exploited, could allow attackers to bypass Secure Boot and gain high-privileged, persistent access to the targeted systems.

According to security researchers at Eclypsium, the BootHole vulnerability affects almost all Linux distributions and Windows systems using the GRUB2 bootloader with Secure Boot.

The Unified Extensible Firmware Interface (UEFI) also uses a bootloader to load critical components and the operating system, and to ensure that only cryptographically signed code executes during the boot process.

How GRUB2 Bootloader Vulnerability affects Linux Systems



BootHole is a buffer overflow vulnerability affecting all versions of GRUB2. It occurs when GRUB2 parses content from its config file, which, unlike other files and executables, is typically not signed, allowing attackers to break the trust mechanism.

GRUB2 is the most popular bootloader in Linux distros, which makes all such systems vulnerable to attack. Through the buffer overflow, an attacker can gain arbitrary code execution within the UEFI execution environment, which could be leveraged to run malware, change the boot process, or execute any other malicious code.

The grub.cfg file is located in the EFI system partition, so to modify it an attacker still requires an initial foothold on the targeted system with admin privileges; the flaw then enables additional escalation of privilege and persistence on the device.
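Because grub.cfg is unsigned and Secure Boot does not vouch for it, a defender can watch it for unexpected changes. The script below is an added example, not part of the original post: it records SHA-256 hashes of every grub.cfg under a mount point and later reports new, changed or missing files. The mount point `/boot/efi`, the baseline path and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): detect changes to grub.cfg files.
# Paths in the usage comments are assumed defaults; adjust for your system.

# Print "<sha256>  <path>" for every grub.cfg under root $1, sorted by path.
# -iname because the ESP is FAT and file names there are case-insensitive.
grubcfg_hashes() {
    find "$1" -type f -iname 'grub.cfg' -exec sha256sum {} + | sort -k 2
}

# Record the current state as the trusted baseline: $1 = root, $2 = baseline file.
# Run it after a known-good install or bootloader update, and keep the baseline
# somewhere an attacker with write access to the ESP cannot rewrite it.
grubcfg_baseline() {
    grubcfg_hashes "$1" > "$2"
}

# Compare the current state with the baseline: $1 = root, $2 = baseline file.
# Prints one finding per line (NEW / CHANGED / MISSING <path>).
# Returns 0 if nothing differs, 1 on any finding, 2 if the baseline is unreadable.
grubcfg_verify() {
    [ -r "$2" ] || return 2
    _rc=0
    grubcfg_hashes "$1" | awk '
        { h = $1; p = $0; sub(/^[^ ]+ [ *]/, "", p) }  # split "<hash>  <path>"
        FILENAME == ARGV[1] { base[p] = h; next }       # lines from the baseline
        { seen[p] = 1                                   # lines from the live scan
          if (!(p in base))      { print "NEW " p;     bad = 1 }
          else if (base[p] != h) { print "CHANGED " p; bad = 1 } }
        END { for (p in base) if (!(p in seen)) { print "MISSING " p; bad = 1 }
              exit bad + 0 }
    ' "$2" - || _rc=$?
    return "$_rc"
}

# Usage (as root, with the ESP mounted at the assumed /boot/efi):
#   grubcfg_baseline /boot/efi /var/lib/grubcfg.sha256
#   grubcfg_verify   /boot/efi /var/lib/grubcfg.sha256 || logger -p auth.warning "grub.cfg changed"
```

A legitimate bootloader or kernel update can rewrite grub.cfg, so re-baseline after verified updates and treat any other finding as something to investigate.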

How the Linux Distros are Responding To BootHole



Eclypsium has responsibly coordinated with the major Linux developers in response to BootHole; some security teams have released security fixes for their various affected products, and some are still working on the fixes.

Debian developers have acknowledged the BootHole vulnerability and are currently doing an in-depth audit of GRUB2’s source code. Debian 10 “buster” is the first Debian release to include support for UEFI Secure Boot, and the Debian security team has scheduled the fixes for the upcoming version 10.5 point release on August 1, 2020.

Ubuntu, among the most popular Linux distros, has also released updates for the GRUB2 bootloader with Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, and 20.04 LTS in 2.06 from the Canonical security team.
