GRUB2, you're getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a system
2020-07-29 17:00

An annoying vulnerability in the widely used GRUB2 bootloader can potentially be exploited by malware or a rogue insider already on a machine to thoroughly compromise the operating system or hypervisor while evading detection by users and security tools.

Any system on which GRUB2 can be installed and run at boot-time is potentially vulnerable.

GRUB2 is used by Linux distributions to load the operating system from storage after power on or reset, though it can be used to load other OSes as well as hypervisors and similar stuff.

Interestingly, although GRUB2 is primarily associated with Linux, this vulnerability can be exploited on machines running Windows and other system software, we're told.

Highly privileged malware or rogue insiders could in theory install a vulnerable version of GRUB2 on a box, and configure the Secure Boot firmware to run it on startup, thus triggering low-level code execution prior to loading the OS. The solution.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/07/29/grub2_code_exec_flaw/