Secure Boot, despite the name, is not as secure as we would like. Security company Eclypsium discovered a security hole in GRUB2: BootHole. Linux users know GRUB2 as one of the most commonly used bootloaders. As such, this security issue makes any Linux machine potentially vulnerable to attack; the keyword is “potentially”.
BootHole enables attackers to insert and execute malicious code during the boot-loading process. Once installed there, the malicious boot payload can let attackers plant code that later controls the operating system. Fortunately, Linux distribution developers were warned about this problem, and most of them have already released patches.
In addition, to exploit BootHole, an attacker must edit grub.cfg, the GRUB2 configuration file. Therefore, to successfully attack a Linux system, the attacker must already have root-level access to the target. In practice, such an attacker has already compromised the system. With that access, the attacker can modify values in grub.cfg to trigger a buffer overflow, which can then be used to load malware.
While Eclypsium found the initial GRUB2 problem, Linux developers found other trouble hiding within GRUB2. Canonical Security Engineering Director Joe McManus said:
“Thanks to Eclypsium, we at Canonical, along with the rest of the open-source community, have updated GRUB2 to defend against this vulnerability. During this process, we identified seven additional weaknesses in GRUB2, which will also be fixed in the updates released today. The attack is not a remote exploit in itself and requires the attacker to have root privileges. Keeping this in mind, we do not consider it a popular vulnerability used in the wild. However, this effort truly exemplifies the sense of community that makes open source software so secure.”
Red Hat is also on the case. Peter Allor, Director of Red Hat Product Security, said:
“Red Hat is aware of a flaw in GRUB 2 (CVE-2020-10713). Product Security has conducted an in-depth analysis and understands not only how this flaw affects Red Hat products but, most importantly, how it affects the Linux kernel. Our PSRT is working closely with engineering, cross-functional teams, the Linux community and our industry partners to deliver the updates now available for affected Red Hat products, including Red Hat Enterprise Linux.”
Marcus Meissner, head of the SUSE security team, explains, however, that while the problem is serious and needs patching, it is not that bad. He said:
“Given the need for root access to the bootloader, the described attack appears to have limited relevance for most cloud computing, data center, and personal device scenarios, unless these systems are already compromised by another known attack. However, it does pose a risk where untrusted users may use a machine, such as bad actors in classified computing scenarios, or computers in public places operating in unattended kiosk mode.”
So, the moral of the story is that while you should patch your Linux system, this security hole is only a real problem under very limited circumstances.