Security News > 2021 > March > GRUB2 boot loader reveals multiple high severity vulnerabilities

GRUB2 boot loader reveals multiple high severity vulnerabilities
2021-03-03 19:37

GRUB, a popular boot loader used by Unix-based operating systems has fixed multiple high severity vulnerabilities.

In 2020, BleepingComputer had reported on the BootHole vulnerability in GRUB2 that could have let attackers compromise an operating system's booting process even if the Secure Boot verification mechanism was active.

117 patches issued for high severity GRUB2 vulnerabilities.

CVE CVSS 3.1 Severity Type Description Reported by CVE-2020-14372 High Incomplete List of Disallowed Inputs The acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled.

"Full mitigation against all the CVEs will require an updated UEFI revocation list which, in at least some cases, will not allow Secure Boot with today's boot artifacts," continued Kiper.

Given the seriousness of BootHole vulnerability in GRUB, high severity vulnerabilities like the ones mentioned above should be patched as soon as possible.


News URL

https://www.bleepingcomputer.com/news/security/grub2-boot-loader-reveals-multiple-high-severity-vulnerabilities/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2020-14372 Incomplete Blacklist vulnerability in multiple products
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled.
local
high complexity
gnu redhat fedoraproject netapp CWE-184
7.5
7.5