BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows (Secure Boot Bypass)

Discussion in 'other security issues & news' started by mood, Jul 29, 2020.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    32,513
    BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows
    July 29, 2020
    https://www.bleepingcomputer.com/ne...g-lets-hackers-hide-malware-in-linux-windows/
    Eclypsium: There’s a Hole in the Boot
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    32,513
    Billions of Devices Impacted by Secure Boot Bypass
    July 29, 2020
    https://threatpost.com/billions-of-devices-impacted-secure-boot-bypass/157843/
     
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,260
    I noticed that all my Debian Buster systems received NEW Grub 2 updates in the last day or so. I think my systems sit outside this specific attack surface because my boot files are never connected after the first few seconds of booting (removable /boot). You can't store boot file malware in /boot when my USB isn't connected. Also, I wonder since I keep my disks at MBR vs UEFI if that is providing cover as well?

    I will be reading and researching this as a learning experience.
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    32,513
    GRUB2 bootloader is vulnerable to buffer overflow
    Vulnerability Note VU#174059
    July 29, 2020

    https://kb.cert.org/vuls/id/174059
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    32,513
    Companies Respond to 'BootHole' Vulnerability
    July 30, 2020
    https://www.securityweek.com/companies-respond-boothole-vulnerability
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    98,030
    Location:
    Texas
    GNU GRUB2 Vulnerability
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    32,513
    Updates provided by Red Hat for BootHole cause systems to hang
    July 31, 2020
    https://securityaffairs.co/wordpress/106601/security/red-hat-boothole-fix-problems.html
     
  8. longshots

    longshots Registered Member

    Joined:
    Oct 20, 2017
    Posts:
    244
    Location:
    Australia
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,260
    Fixed in Buster weeks ago!
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.