A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide—including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system.
Dubbed ‘BootHole‘ and tracked as CVE-2020-10713, the reported vulnerability resides in the GRUB2 bootloader, which, if exploited, could potentially let attackers bypass the Secure Boot feature and gain high-privileged persistent and stealthy access to the targeted systems.
Secure Boot is a security feature of the Unified Extensible Firmware Interface (UEFI) that uses a bootloader to load critical components, peripherals, and the operating system while ensuring that only cryptographically signed code executes during the boot process.
“One of the explicit design goals of Secure Boot is to prevent unauthorized code, even running with administrator privileges, from gaining additional privileges and pre-OS persistence by disabling Secure Boot or otherwise modifying the boot chain,” the report explained.
GRUB2 Bootloader Vulnerability
Discovered by researchers from Eclypsium, BootHole is a buffer overflow vulnerability that…