GRUB2, you're getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a system

GRUB2, you're getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a system

An annoying vulnerability in the widely used GRUB2 bootloader can be potentially exploited by malware or a rogue insider already on a machine to thoroughly compromise the operating system or hypervisor while evading detection by users and security tools.


This affects mainly Linux-based computers and devices, where GRUB2 is deployed a lot, though boxes running Windows can be potentially roped in, too. Any system on which GRUB2 can be installed and run at boot-time is potentially vulnerable.


Designated CVE-2020-10713, the vulnerability allows a miscreant to achieve code execution within the open-source bootloader, and effectively control the device at a level above the firmware and below any system software. Bug hunters at Eclypsium, who found the flaw and dubbed it BootHole, said patching the programming blunder will be a priority and a headache for admins.


To be clear, malware or a rogue user must already have administrator privileges on the device to exploit the flaw, which for the vast majority of victims is a game-over situation anyway. You've likely lost all your data and network integrity at that point. What this bootloader bug opens up is the ability for a determined miscreant to burrow deeper, run code at a low level below other defenses, and compromise the foundation of a system to the point where they cannot be easily detected by administrators nor antivirus.


The bug


The flaw itself is a classic exploitable heap buffer overflow during the parsing of the grub.cfg configuration file by GRUB2 during startup. GRUB2 is used by Linux distributions to load the operating system from storage after power on or reset, though it can be used to load other OSes ..