Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Red Hat’s BootHole Patches Cause Systems to Hang

Red Hat has told customers not to install the package updates released in response to the recently disclosed BootHole vulnerability after users reported that their systems hung after applying the updates.

Red Hat has told customers not to install the package updates released in response to the recently disclosed BootHole vulnerability after users reported that their systems hung after applying the updates.

Firmware security company Eclypsium revealed this week that billions of PCs, workstations, servers and other devices running Windows and Linux are affected by a GRUB2 bootloader vulnerability that can be exploited by a local attacker with admin privileges to execute malicious code when the system boots up.

The flaw, officially identified as CVE-2020-10713, impacts systems that use Secure Boot, and fully patching it involves replacing vulnerable bootloaders and updating the Secure Boot revocation list (DBX) to ensure that the old bootloaders can no longer be executed.BootHole

Patching will require collaboration between hardware and software vendors and impacted companies have started working on updates. Linux distributions have already released updated packages.

Red Hat, which assigned the flaw a moderate severity rating, says BootHole affects Enterprise Linux 7 and 8, Atomic Host, and the OpenShift Container Platform 4. The company initially advised users to update their grub2, kernel, fwupdate, fwupd, shim and dbxtool packages.

However, shortly after the packages were released, users started reporting that their systems failed to boot after applying the updates. A support ticket in Red Hat’s bug tracker says the “system hangs after POST and the grub menu never loads.”

Red Hat has now updated its initial advisory, telling customers that it strongly recommends against applying the grub2, fwupd, fwupdate or shim updates until new packages are available.

Red Hat has released instructions for how users who have already installed the buggy updates can restore their system. The company says it has identified the cause of the problem and is working on a fix.

Red Hat Enterprise Linux 7.8 and 8.2 are confirmed to be affected, but versions 7.9 and 8.1 EUS could also be impacted.

Several organizations have posted advisories in response to the BootHole vulnerability, including CERTs, the UEFI Forum, Microsoft, Linux distributions, VMware, Oracle and HP.

Related: Devices Still Vulnerable to DMA Attacks Despite Protections

Related: Driver Vulnerabilities Facilitate Attacks on ATMs, PoS Systems

Related: Password Bypass Flaw Found in GRUB2 Linux Bootloader

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.