An annoying vulnerability in the widely used GRUB2 bootloader can be potentially exploited by malware or a rogue insider already on a machine to thoroughly compromise the operating system or hypervisor while evading detection by users and security tools.
This affects mainly Linux-based computers and devices, where GRUB2 is deployed a lot, though boxes running Windows can be potentially roped in, too. Any system on which GRUB2 can be installed and run at boot-time is potentially vulnerable.
Designated CVE-2020-10713, the vulnerability allows a miscreant to achieve code execution within the open-source bootloader, and effectively control the device at a level above the firmware and below any system software. Bug hunters at Eclypsium, who found the flaw and dubbed it BootHole, said patching the programming blunder will be a priority and a headache for ..
Support the originator by clicking the read the rest link below.
