GRUB2 Bootloader Security Bypass Vulnerabilities (BootHole)
Original Issue Date: July 30, 2020
Severity Rating: High
- All devices running the Windows or Linux operating systems, including servers, workstations, laptops and desktops, that use the GRUB2 bootloader.
Multiple vulnerabilities have been reported in the GRUB2 bootloader, exploitation of which results in arbitrary code execution during the boot process, even when Secure Boot is enabled.
GRand Unified Bootloader version 2 (GRUB2) is a multiboot bootloader that replaced GRUB Legacy in 2012. A bootloader is a piece of software that loads an Operating System (OS) into memory when a system boots up. Secure Boot makes sure that the entire chain of executable code, from the system firmware through to the operating system, is known and trusted, with each component in that chain verifying the integrity of the next.
This buffer overflow vulnerability exists because GRUB2 improperly parses content from its configuration file (grub.cfg). Unlike GRUB2's other files and executables, this configuration file is a plain text file that is not signed. By modifying this file, an authenticated, local attacker could execute arbitrary code within GRUB2 and thus gain control over the booting of the operating system.
Successful exploitation of the vulnerabilities could allow the attacker to execute arbitrary code and gain persistence on the affected device.
Note: Successful exploitation of this vulnerability would require an attacker to have administrator or elevated privileges, or local access to a vulnerable device, which limits the impact of this vulnerability.
- Update GRUB2 to the latest version. Please refer to the respective vendors for appropriate updates.
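Because grub.cfg is parsed by GRUB2 but sits outside the signed chain, a defender should also watch the file itself. The following is an added example, not code from CERT-In or from the GRUB project: it compares a grub.cfg against a known-good SHA-256 baseline and flags tokens far longer than any legitimate configuration needs. The sample configuration, the baseline, and the 1024-byte token limit are constructed assumptions for this example.

```python
"""Integrity and anomaly check for an unsigned grub.cfg (added example)."""
import hashlib
import shlex

MAX_TOKEN_LEN = 1024  # assumption: no legitimate grub.cfg token is this long


def sha256_text(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def check_baseline(text: str, expected_sha256: str) -> bool:
    """True when the config still matches the hash recorded on a known-good system."""
    return sha256_text(text) == expected_sha256


def oversized_tokens(text: str, limit: int = MAX_TOKEN_LEN):
    """Return (line_no, kind, length) for tokens longer than `limit` and for
    lines whose quoting never terminates. shlex only approximates GRUB's word
    splitting (quotes, backslash escapes); it is a stand-in, not GRUB's lexer."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            # an unterminated quote is itself worth reporting: it confuses parsers
            findings.append((no, "unterminated", len(line)))
            continue
        findings.extend((no, "oversized", len(t)) for t in tokens if len(t) > limit)
    return findings


# Constructed sample config and the baseline a defender would have recorded.
KNOWN_GOOD_CFG = """\
# constructed sample grub.cfg
set timeout=5
menuentry 'Linux' {
    linux /vmlinuz root=/dev/sda1 ro quiet
    initrd /initrd.img
}
"""
KNOWN_GOOD_SHA256 = sha256_text(KNOWN_GOOD_CFG)

# Constructed tampered copy: one appended line carrying an abnormally long value.
TAMPERED_CFG = KNOWN_GOOD_CFG + "set x='" + "A" * 4096 + "'\n"

if __name__ == "__main__":
    print("baseline ok:", check_baseline(TAMPERED_CFG, KNOWN_GOOD_SHA256))
    print("findings:", oversized_tokens(TAMPERED_CFG))
```

In production the baseline hash is recorded out of band (for example in a configuration management database) rather than computed from the file under test.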
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003