New “BootHole” Vulnerability Leaves Linux and Windows Systems at Risk

Thursday, Jul 30, 2020

On July 29, 2020, details were released regarding a new critical buffer overflow vulnerability, tracked as CVE-2020-10713 and nicknamed “BootHole,” in the GRUB2 bootloader. GRUB2 is used as the primary bootloader for all major Linux systems, as well as Windows, macOS, and BSD systems. According to Eclypsium, the flaw is triggered through GRUB2's configuration file, “grub.cfg”: a threat actor who modifies values inside that file can cause a buffer overflow in the GRUB2 component and gain arbitrary code execution within the UEFI execution environment. From there, threat actors could perform various malicious activities, including deploying malware.

Security researchers stated that, for some devices or OS setups, threat actors could exploit the BootHole vulnerability even when the servers or workstations have Secure Boot enabled. Secure Boot is a process in which the server or computer uses cryptographic controls to ensure that the boot process loads only cryptographically signed firmware components.

To exploit the vulnerability, an attacker would still need administrator privileges on the targeted system in order to modify the “grub.cfg” configuration file and thereby fully compromise the device. Security researchers have reported the vulnerability to the relevant industry entities, including OS vendors and computer manufacturers. Patches for the BootHole vulnerability are expected within a few days or weeks from the affected companies, including Microsoft, Debian, Citrix, HP, Oracle, Red Hat, and Canonical, among others.

Nuspire recommends that users update their systems as soon as the patch is available to mitigate the risk of this vulnerability, and continues to monitor the vulnerability.
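Because exploitation requires an administrator to alter grub.cfg, the configuration file is a natural place to watch for tampering while patches are pending. The following is an added defensive example, not code from the Nuspire alert or from Eclypsium: it records a baseline hash of a known-good grub.cfg and later audits the file's owner, permissions, and hash. It assumes Linux with GNU coreutils (`stat -c`, `sha256sum`); the paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added defensive example (not from the Nuspire alert): baseline and audit a
# GRUB2 grub.cfg, the file an attacker with admin privileges would alter to
# trigger BootHole. Assumes Linux with GNU coreutils (stat -c, sha256sum).

# Record the SHA-256 of a known-good grub.cfg into a baseline file.
grub_baseline() {
    cfg="$1"; baseline="$2"
    sha256sum "$cfg" | cut -d' ' -f1 > "$baseline"
}

# Audit a grub.cfg against its baseline. Prints one line per finding and
# returns 0 when nothing is wrong, 1 otherwise, so it can run from cron.
# Third argument is the expected owner (defaults to root).
grub_audit() {
    cfg="$1"; baseline="$2"; owner="${3:-root}"; rc=0
    if [ ! -f "$cfg" ]; then
        echo "MISSING: $cfg"
        return 1
    fi
    # Ownership: grub.cfg should belong to the expected owner.
    actual_owner=$(stat -c '%U' "$cfg")
    if [ "$actual_owner" != "$owner" ]; then
        echo "OWNER: $cfg owned by $actual_owner, expected $owner"; rc=1
    fi
    # Permissions: take the last two octal digits (group, other) and flag
    # any digit with the write bit set (2, 3, 6, 7).
    mode=$(stat -c '%a' "$cfg")
    last_two=${mode#"${mode%??}"}
    case "$last_two" in
        *[2367]*) echo "WRITABLE BY GROUP/OTHER: $cfg mode $mode"; rc=1 ;;
    esac
    # Integrity: any change from the recorded hash is a finding.
    current=$(sha256sum "$cfg" | cut -d' ' -f1)
    expected=$(cat "$baseline" 2>/dev/null)
    if [ "$current" != "$expected" ]; then
        echo "MODIFIED: $cfg hash $current, baseline ${expected:-<none>}"; rc=1
    fi
    return "$rc"
}

# Typical use (placeholder paths):
#   grub_baseline /boot/grub/grub.cfg /var/lib/grub-baseline.sha256  # once, on a trusted system
#   grub_audit    /boot/grub/grub.cfg /var/lib/grub-baseline.sha256  # periodically
```

A non-zero exit with a MODIFIED line is the signal to compare the file against the distribution's expected contents before the next reboot.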