Jump to content

GRUB2 Security Vulnerability


ebrke

Recommended Posts

securitybreach

Ah, nothing to worry about:

 

Quote

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

 

oHvugGu.png

 

Another reason to stay up to date ;)

Link to comment
Share on other sites

GRUB2 was updated a couple of days ago in Debian to address this.

 

Edit - and the update was updated today -

Quote

- ------------------------------------------------------------------------- Debian Security Advisory DSA-4735-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 30, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : grub2 Debian Bug : 966554 The update for grub2 released as DSA 4735-1 caused a boot-regression when chainloading another bootlaoder and breaking notably dual-boot with Windows. Updated grub2 packages are now available to correct this issue. For the stable distribution (buster), this problem has been fixed in version 2.02+dfsg1-20+deb10u2.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...