The new “BootHole” vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack.

  • Security researchers from Eclypsium uncovered a high severity Buffer overflow (CVE-2020-10713) vulnerability called BootHole with CVSS score 8.2 in the GRUB2 (GRand Unified Bootloader version 2), bootloader of majority of laptops, desktops, workstations, and servers.

  • Dubbed 'BootHole' and tracked as CVE-2020-10713, the reported vulnerability resides in the GRUB2 bootloader, which, if exploited, could potentially let attackers bypass the Secure Boot feature and gain high-privileged persistent and stealthy access to the targeted systems.

  • Secure Boot is a security feature of the Unified Extensible Firmware Interface (UEFI) that uses a bootloader to load critical components, peripherals, and the operating system while ensuring that only cryptographically signed code executes during the boot process.

  • One of the explicit design goals of Secure Boot is to prevent unauthorized code, even running with administrator privileges, from gaining additional privileges and pre-OS persistence by disabling Secure Boot or otherwise modifying the boot chain.

  • This vulnerability affects any device that uses GRUB2 bootloader (loads an Operating System into memory) including Linux system, and almost every Windows device using Secure Boot with Microsoft's standard Unified Extensible Firmware Interface (UEFI) certificate authority.