Security News > 2020 > July > 'BootHole' Flaw Allows Installation of Stealthy Malware, Affects Billions of Devices
Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader vulnerability that can be exploited to install persistent and stealthy malware, firmware security company Eclypsium revealed on Wednesday.
The vulnerability, tracked as CVE-2020-10713 and dubbed BootHole, has a CVSS score of 8.2 and Eclypsium says it affects all operating systems that use GRUB2 with Secure Boot, a mechanism designed to protect the boot process from attacks.
The company says the flaw impacts machines that use Secure Boot even if they're not using GRUB2.
BootHole has been described as a buffer overflow flaw related to how GRUB2 parses its grub.
Following Eclypsium's discovery of the BootHole vulnerability, the Canonical security team also analyzed GRUB2 and identified several other security holes, all of which have been classified as medium severity.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-30 | CVE-2020-10713 | Classic Buffer Overflow vulnerability in multiple products A flaw was found in grub2, prior to version 2.06. | 8.2 |