It appears that the patches released for Linux distributions in response to the GRUB2 bootloader vulnerability are causing problems for many users, making their systems unbootable.
The flaw, tracked as BootHole and CVE-2020-10713, impacts PCs, servers and other devices running Linux and Windows if they use Secure Boot. An attacker with admin privileges on the targeted system can exploit the vulnerability to run malicious code when the device boots up, enabling them to install stealthy and persistent malware.
Completely patching BootHole is not an easy task as it will involve replacing vulnerable bootloaders and updating the Secure Boot revocation list (DBX) to ensure that the old bootloaders cannot be executed, a process that requires collaboration between multiple software and hardware vendors.
Linux distributions have already started releasing updates for the grub2, shim and other packages in response to the vulnerability. However, it appears that those packages have been causing problems for many users, resulting in their systems hanging during the boot process.
Red Hat users were the first to report problems, but it appears that other Linux distributions are experiencing similar issues, including Ubuntu, Debian, CentOS and Mint.
Security researcher Kevin Beaumont reported that major cloud providers such as Azure and Digital Ocean are also seeing systems that fail to boot due to the patches.
He pointed out that similar problems were caused by the initial patches released a few years ago for the notorious Meltdown and Spectre vulnerabilities.
“I think there is a genuine conversation to be had about security vulnerabilities and the wider outlook. A primary concern with security (and in business) is availability. As an industry we also need to be better at careful analysis of vulnerabilities, and staggered testing of patches. The provided solution has again, unfortunately, become worse than the vulnerability for most people,” Beaumont noted.
Impacted Linux distributions are working on developing new packages and some of them have provided instructions on how users can restore systems impacted by the buggy patches.
Capsule8’s Kelly Shortridge predicted after BootHole was disclosed, “We might see more damage from people attempting the mitigation rather than attackers leveraging this in dastardly digital crimes.”

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
- Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Hive Ransomware Operation Shut Down by Law Enforcement
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
- Dozens of Cybersecurity Companies Announced Layoffs in Past Year
Latest News
- Sentra Raises $30 Million for DSPM Technology
- Cyber Insights 2023: Cyberinsurance
- Cyber Insights 2023: Attack Surface Management
- Cyber Insights 2023: Artificial Intelligence
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- Guardz Emerges From Stealth Mode With $10 Million in Funding
- How the Atomized Network Changed Enterprise Protection
- Critical QNAP Vulnerability Leads to Code Injection
