BootHole fixes cause boot problems on Linux distributions

As many experts had predicted, patches for the BootHole vulnerability in the GRUB2 boot loader, which is used by all major Linux distributions, are causing disruptions and preventing some users from booting their systems.

Although the list of affected distributions started with Red Hat yesterday, it has now expanded to include Ubuntu [1, 2, 3], Debian, CentOS [1, 2] and Fedora users.

Microsoft security researcher Kevin Beaumont also fears disruption in cloud environments, warning that “a cloud boot failure is going to cause disruption on major clouds with Grub, such as Digital Ocean and Azure, which have the same impact: patched systems don’t boot.”

Details of the BootHole vulnerability were published earlier this week, on Wednesday. Discovered by enterprise security firm Eclypsium, the vulnerability affects GRUB2, a boot loader component used to launch operating systems on servers and desktop computers.

GRUB2 is currently the default boot loader on all Linux hosts, but it is also used with Windows in some scenarios, as a classic boot loader or as part of the boot process.

The BootHole vulnerability allows attackers or malware to modify the GRUB2 configuration file and insert malicious code into the boot loader and, by extension, into the operating system it launches.

Systems running GRUB2 in Secure Boot mode were also found to be vulnerable, because the GRUB2 configuration file is not checked by the Secure Boot verification process.
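Because Secure Boot verifies the signed GRUB2 binary but not the configuration file it reads, an administrator who wants to notice a tampered grub.cfg has to track that file separately. The following Python integrity check is an added example, not from the article, from Eclypsium or from any distribution; the grub.cfg paths and the sample configuration it builds are assumptions.

```python
"""Baseline-and-verify check for GRUB2 configuration files.

Added example, not from the article or any distribution's tooling. Secure Boot
checks the GRUB2 binary's signature, not grub.cfg, so the file's digest is
recorded separately and compared later. Paths below are assumptions."""
import hashlib
import tempfile
from pathlib import Path

# Assumed locations; adjust to where your distribution keeps grub.cfg.
DEFAULT_TARGETS = ["/boot/grub/grub.cfg", "/boot/grub2/grub.cfg",
                   "/boot/efi/EFI/fedora/grub.cfg"]


def sha256_of(path):
    """SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_baseline(targets):
    """Record a digest for every target that exists; absent paths are skipped."""
    return {p: sha256_of(p) for p in targets if Path(p).is_file()}


def verify(baseline):
    """Return {path: 'modified' | 'missing'}; an empty dict means no change."""
    findings = {}
    for path, expected in baseline.items():
        if not Path(path).is_file():
            findings[path] = "missing"
        elif sha256_of(path) != expected:
            findings[path] = "modified"
    return findings


def self_check():
    """Run the checker on a constructed grub.cfg: unchanged, then edited, then deleted."""
    with tempfile.TemporaryDirectory() as d:
        cfg = Path(d) / "grub.cfg"
        cfg.write_text("set timeout=5\nmenuentry 'Linux' {\n linux /vmlinuz\n}\n")
        baseline = make_baseline([str(cfg)])
        clean = verify(baseline)                       # {}
        cfg.write_text(cfg.read_text() + "insmod unexpected_module\n")
        changed = verify(baseline)                     # {...: 'modified'}
        cfg.unlink()
        gone = verify(baseline)                        # {...: 'missing'}
    return clean, changed, gone
```

On a real host, store the output of make_baseline(DEFAULT_TARGETS) off-box right after a trusted update and run verify against it on a schedule, re-baselining after every legitimate grub-mkconfig run or package upgrade.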

The vulnerability was considered severe enough that all major Linux distributions had patches ready when Eclypsium published its research this week.

Disruptions were to be expected, said Kelly Shortridge, vice president at cybersecurity firm Capsule8, in a blog post this week analyzing the impact of the BootHole vulnerability on system administrators.

Disruptions were anticipated mainly because the BootHole fix involves complex cryptography, Secure Boot security controls and a Microsoft-managed authorization denylist, so everyone expected problems to follow.

And that is exactly what happened. As ZDNet reported yesterday, the first disruptions were reported by Red Hat, but more and more bug reports are now coming in from other distributions.

Because a failure in GRUB2 usually stops the entire operating system from booting, the disruptions cause downtime for those affected. In all cases, users reported that downgrading their systems to a version prior to the BootHole patches resolved their issues.

Despite the reported issues, users are advised to apply the BootHole patches, as security researchers expect this bug to be exploited by malware operators at some point, mainly because it allows malware to implant a bootkit component on infected systems that runs below the level of antivirus software and survives operating system reboots.
