problems on Linux and Windows systems

The BootHole vulnerability, with reference CVE-2020-10713, has been rated in the Common Vulnerability Scoring System (CVSS) with an 8.2, with 10 being the highest score it can receive based on its severity. This is present in the GRUB2 bootloader And it could allow an attacker to bypass the Secure Boot role to get persistent elevated permissions on affected systems.

As we know, Secure Boot is a security feature of Unified Extensible Firmware Interface (UEFI) which prevents any unsigned or certified software from running at system startup. One of the goals of Secure Boot is to prevent unauthorized code, even executed with administrator privileges, from gaining additional privileges by disabling Secure Boot or modifying the boot chain.

This is the failure in GRUB2

The BootHole vulnerability in the GRUB2 bootloader can compromise Windows and Linux devices using the safe boot. Attackers can take advantage of the flaw in the popular bootloader to execute arbitrary code during the boot process, even when secure boot is enabled.

grub2

This is a buffer overflow vulnerability that affects all versions of GRUB2. It is related to the way of processing the configuration file grub.cfg, which is not normally signed like other files or executables.

Taking advantage of the security flaw by attackers with physical access to the device or administrator privileges can be to install malware, alter the startup process, patch the operating system kernel or perform many other malicious actions.

One of the main problems of this vulnerability is that the attack is carried out before the operating system loads, making it difficult to detect the presence of malware or eliminate it by common security solutions.

Another problem is that it will require a high degree of collaboration between several companies for their final solution. In addition, from Eclypsium (responsible for discovering the problem) they point out that just installing patches and updating GRUB2 will not be enough, because attackers can replace it with a vulnerable version.

Leave a Reply

Your email address will not be published. Required fields are marked *