Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Red Hat’s BootHole Patches Cause Systems to Hang

Red Hat has told customers not to install the package updates released in response to the recently disclosed BootHole vulnerability after users reported that their systems hung after applying the updates.

Red Hat has told customers not to install the package updates released in response to the recently disclosed BootHole vulnerability after users reported that their systems hung after applying the updates.

Firmware security company Eclypsium revealed this week that billions of PCs, workstations, servers and other devices running Windows and Linux are affected by a GRUB2 bootloader vulnerability that can be exploited by a local attacker with admin privileges to execute malicious code when the system boots up.

The flaw, officially identified as CVE-2020-10713, impacts systems that use Secure Boot, and fully patching it involves replacing vulnerable bootloaders and updating the Secure Boot revocation list (DBX) to ensure that the old bootloaders can no longer be executed.BootHole

Patching will require collaboration between hardware and software vendors and impacted companies have started working on updates. Linux distributions have already released updated packages.

Red Hat, which assigned the flaw a moderate severity rating, says BootHole affects Enterprise Linux 7 and 8, Atomic Host, and the OpenShift Container Platform 4. The company initially advised users to update their grub2, kernel, fwupdate, fwupd, shim and dbxtool packages.

However, shortly after the packages were released, users started reporting that their systems failed to boot after applying the updates. A support ticket in Red Hat’s bug tracker says the “system hangs after POST and the grub menu never loads.”

Red Hat has now updated its initial advisory, telling customers that it strongly recommends against applying the grub2, fwupd, fwupdate or shim updates until new packages are available.

Red Hat has released instructions for how users who have already installed the buggy updates can restore their system. The company says it has identified the cause of the problem and is working on a fix.

Red Hat Enterprise Linux 7.8 and 8.2 are confirmed to be affected, but versions 7.9 and 8.1 EUS could also be impacted.

Advertisement. Scroll to continue reading.

Several organizations have posted advisories in response to the BootHole vulnerability, including CERTs, the UEFI Forum, Microsoft, Linux distributions, VMware, Oracle and HP.

Related: Devices Still Vulnerable to DMA Attacks Despite Protections

Related: Driver Vulnerabilities Facilitate Attacks on ATMs, PoS Systems

Related: Password Bypass Flaw Found in GRUB2 Linux Bootloader

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights