Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

Red Hat’s BootHole Patches Cause Systems to Hang

Red Hat has told customers not to install the package updates released in response to the recently disclosed BootHole vulnerability after users reported that their systems hung after applying the updates.

Red Hat has told customers not to install the package updates released in response to the recently disclosed BootHole vulnerability after users reported that their systems hung after applying the updates.

Firmware security company Eclypsium revealed this week that billions of PCs, workstations, servers and other devices running Windows and Linux are affected by a GRUB2 bootloader vulnerability that can be exploited by a local attacker with admin privileges to execute malicious code when the system boots up.

The flaw, officially identified as CVE-2020-10713, impacts systems that use Secure Boot, and fully patching it involves replacing vulnerable bootloaders and updating the Secure Boot revocation list (DBX) to ensure that the old bootloaders can no longer be executed.BootHole

Patching will require collaboration between hardware and software vendors and impacted companies have started working on updates. Linux distributions have already released updated packages.

Red Hat, which assigned the flaw a moderate severity rating, says BootHole affects Enterprise Linux 7 and 8, Atomic Host, and the OpenShift Container Platform 4. The company initially advised users to update their grub2, kernel, fwupdate, fwupd, shim and dbxtool packages.

However, shortly after the packages were released, users started reporting that their systems failed to boot after applying the updates. A support ticket in Red Hat’s bug tracker says the “system hangs after POST and the grub menu never loads.”

Red Hat has now updated its initial advisory, telling customers that it strongly recommends against applying the grub2, fwupd, fwupdate or shim updates until new packages are available.

Red Hat has released instructions for how users who have already installed the buggy updates can restore their system. The company says it has identified the cause of the problem and is working on a fix.

Red Hat Enterprise Linux 7.8 and 8.2 are confirmed to be affected, but versions 7.9 and 8.1 EUS could also be impacted.

Several organizations have posted advisories in response to the BootHole vulnerability, including CERTs, the UEFI Forum, Microsoft, Linux distributions, VMware, Oracle and HP.

Related: Devices Still Vulnerable to DMA Attacks Despite Protections

Related: Driver Vulnerabilities Facilitate Attacks on ATMs, PoS Systems

Related: Password Bypass Flaw Found in GRUB2 Linux Bootloader

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...