BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows July 29, 2020 https://www.bleepingcomputer.com/ne...g-lets-hackers-hide-malware-in-linux-windows/ Eclypsium: There’s a Hole in the Boot
Billions of Devices Impacted by Secure Boot Bypass July 29, 2020 https://threatpost.com/billions-of-devices-impacted-secure-boot-bypass/157843/
I noticed that all my Debian Buster systems received NEW Grub 2 updates in the last day or so. I think my systems sit outside this specific attack surface because my boot files are never connected after the first few seconds of booting (removable /boot). You can't store boot file malware in /boot when my USB isn't connected. Also, I wonder since I keep my disks at MBR vs UEFI if that is providing cover as well? I will be reading and researching this as a learning experience.
GRUB2 bootloader is vulnerable to buffer overflow Vulnerability Note VU#174059 July 29, 2020 https://kb.cert.org/vuls/id/174059
Companies Respond to 'BootHole' Vulnerability July 30, 2020 https://www.securityweek.com/companies-respond-boothole-vulnerability
Updates provided by Red Hat for BootHole cause systems to hang July 31, 2020 https://securityaffairs.co/wordpress/106601/security/red-hat-boothole-fix-problems.html
GRUB2 Boot Failure Issues Fixed in Debian and Ubuntu, Update Now The recent GRUB2 updates that patched some serious security vulnerabilities also caused boot failure issues for some users, so fixes for these regressions have started appearing for some distros, including Debian and Ubuntu. https://9to5linux.com/grub2-boot-failure-issues-fixed-in-debian-and-ubuntu-update-now