430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Updates provided by Red Hat for BootHole cause systems to hang

Red Hat is warning customers to not install the package updates released to address the BootHole vulnerability due to possible problems reported by the users. This week, firmware security company Eclypsium reported that billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue (CVE-2020-10713), dubbed BootHole, that can be exploited to install a […]

BootHole

Red Hat is warning customers to not install the package updates released to address the BootHole vulnerability due to possible problems reported by the users.

This week, firmware security company Eclypsium reported that billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue (CVE-2020-10713), dubbed BootHole, that can be exploited to install a stealthy malware.

According to researchers from the firmware security firm Eclypsium, which discovered the issue, the BootHole flaw affects any operating system that uses GRUB2 with Secure Boot.

GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB Legacy boot loader, which is now referred to as “GRUB Legacy”. The mechanism is designed to protect the boot process from attacks.

Immediately after the disclosure of the issue maintainers of major Linux distributions have started releasing updated packages to fix it.

Red Hat confirmed that the BootHole impacts Enterprise Linux 7 and 8, Atomic Host, and the OpenShift Container Platform 4.

The company recommended users to update their grub2, kernel, fwupdate, fwupd, shim and dbxtool packages.

Unfortunately, users that updated the packaged started reporting that their systems failed to boot.

“Applying the RHSA-2020:3216 grub2 security update and the RHSA-2020:3218 kernel security and bug fix update on a fresh “minimal” installation of RHEL 8.2 renders the system unbootable.” reads a ticket opened on Red Hat’s bug tracker.

Steps to Reproduce:
1. Install RHEL 8.2 "minimal" version from Binary DVD iso downloaded on 7/29/2020 on system running in EFI mode
2. Apply current updates as of 7/29/2020 with "yum update"
3. Reboot system

Actual results:
System hangs after POST and the grub menu never loads

Now Red Hat has updated its advisory recommending users to avoid updating the grub2, fwupd, fwupdate or shim packages until new packages will be available.

Red Hat has released instructions for how users who have already installed the buggy updates can restore their system. The company says it has identified the cause of the problem and is working on a fix.

Red Hat Enterprise Linux 7.8 and 8.2 are confirmed to be impacted, versions 7.9 and 8.1 EUS could also be affected.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, BootHole)

[adrotate banner=”5″]

[adrotate banner=”13″]