Sometimes the treatment is actually worse than the disease. The recently encountered Boothole security issue with GRUB2 and Secure Boot can, in theory, be used to attack Linux systems. In practice, the only vulnerable Linux systems are those that have already been successfully disbanded by an attacker. Nevertheless, there was a possibility of damage, so almost all enterprise Linux distributors have released patches. Unfortunately, for at least one – Red Hat – the fix has gone wrong.
Many users are reporting that, after patching Red Hat Enterprise Linux (RHEL) 8.2, it has made their systems unobatable. The problem also affects RHEL 7.x and 8.x computers. However, it seems to be limited to servers running only on bare iron. RHEL Virtual Machine (VM) S, which does not deal with Secure Boot firmware, is working fine.
RHEL is not the only Linux with this problem: CentOS 7.x and 8.x users are also reporting trouble. There have also been sporadic reports of Boothole boot problems with other Linux distros.
The repair work is going on. Peter Ellor, director of Red Hat’s Product Security Incident Response Team, told me:
“Red Hat has been made aware of a potential issue with the fix of CVE-2020-10713, also known as Bootzoll, under which some Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 systems A reboot cannot be successfully rebooted after remodeling is implemented. Manual intervention is required to fix this. We are currently investigating the issue and will provide more information as it becomes available. “
Other Red Hat employees say the fix will be fixed soon. So, if you haven’t patched yet, stop. If you have, and you are having trouble, help is on its way.