Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

BootHole Patches Causing Many Systems to Become Unbootable

It appears that the patches released for Linux distributions in response to the GRUB2 bootloader vulnerability are causing problems for many users, making their systems unbootable.

It appears that the patches released for Linux distributions in response to the GRUB2 bootloader vulnerability are causing problems for many users, making their systems unbootable.

The flaw, tracked as BootHole and CVE-2020-10713, impacts PCs, servers and other devices running Linux and Windows if they use Secure Boot. An attacker with admin privileges on the targeted system can exploit the vulnerability to run malicious code when the device boots up, enabling them to install stealthy and persistent malware.

Completely patching BootHole is not an easy task as it will involve replacing vulnerable bootloaders and updating the Secure Boot revocation list (DBX) to ensure that the old bootloaders cannot be executed, a process that requires collaboration between multiple software and hardware vendors.

BootHole patches causing problems

Linux distributions have already started releasing updates for the grub2, shim and other packages in response to the vulnerability. However, it appears that those packages have been causing problems for many users, resulting in their systems hanging during the boot process.

Red Hat users were the first to report problems, but it appears that other Linux distributions are experiencing similar issues, including Ubuntu, Debian, CentOS and Mint.

Security researcher Kevin Beaumont reported that major cloud providers such as Azure and Digital Ocean are also seeing systems that fail to boot due to the patches.

He pointed out that similar problems were caused by the initial patches released a few years ago for the notorious Meltdown and Spectre vulnerabilities.

“I think there is a genuine conversation to be had about security vulnerabilities and the wider outlook. A primary concern with security (and in business) is availability. As an industry we also need to be better at careful analysis of vulnerabilities, and staggered testing of patches. The provided solution has again, unfortunately, become worse than the vulnerability for most people,” Beaumont noted.

Impacted Linux distributions are working on developing new packages and some of them have provided instructions on how users can restore systems impacted by the buggy patches.

Capsule8’s Kelly Shortridge predicted after BootHole was disclosed, “We might see more damage from people attempting the mitigation rather than attackers leveraging this in dastardly digital crimes.”

Related: Red Hat’s BootHole Patches Cause Systems to Hang

Related: Companies Respond to ‘BootHole’ Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.