Updates provided by Red Hat for BootHole cause systems to hang

Red Hat is warning customers to not install the package updates released to address the BootHole vulnerability due to possible problems reported by the users.

This week, firmware security company Eclypsium reported that billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue (CVE-2020-10713), dubbed BootHole, that can be exploited to install a stealthy malware.

According to researchers from the firmware security firm Eclypsium, which discovered the issue, the BootHole flaw affects any operating system that uses GRUB2 with Secure Boot.

GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB Legacy boot loader, which is now referred to as “GRUB Legacy”. The mechanism is designed to protect the boot process from attacks.

Immediately after the disclosure of the issue maintainers of major Linux distributions have started releasing updated packages to fix it.

Red Hat confirmed that the BootHole impacts Enterprise Linux 7 and 8, Atomic Host, and the OpenShift Container Platform 4.

The company recommended users to update their grub2, kernel, fwupdate, fwupd, shim and dbxtool packages.

Unfortunately, users that updated the packaged started reporting that their systems failed to boot.

“Applying the RHSA-2020:3216 grub2 security update and the RHSA-2020:3218 kernel security and bug fix update on a fresh “minimal” installation of RHEL 8.2 renders the system unbootable.” reads a ticket opened on Red Hat’s bug tracker.

Steps to Reproduce:
1. Install RHEL 8.2 "minimal" version from Binary DVD iso downloaded on 7/29/2020 on system running in EFI mode
2. Apply current updates as of 7/29/2020 with "yum update"
3. Reboot system

Actual results:
System hangs after POST and the grub menu never loads

Now Red Hat has updated its advisory recommending users to avoid updating the grub2, fwupd, fwupdate or shim packages until new packages will be available.

Red Hat has released instructions for how users who have already installed the buggy updates can restore their system. The company says it has identified the cause of the problem and is working on a fix.

Red Hat Enterprise Linux 7.8 and 8.2 are confirmed to be impacted, versions 7.9 and 8.1 EUS could also be affected.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, BootHole)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.