CVE-2020-10713: “BootHole” GRUB2 Bootloader Arbitrary Code Execution Vulnerability


On July 29, researchers at Eclypsium disclosed a high severity vulnerability in the GRand Unified Bootloader (GRUB) version 2. Dubbed “BootHole,” the flaw affects the GRUB2 bootloader in Windows and Linux devices using Secure Boot.CVE-2020-10713 is a buffer overflow vulnerability in GRUB2, a piece of software that loads an Operating System (OS) into memory when a system boots up. The flaw exists due to the way GRUB2 parses a configuration file, grub.cfg. GRUB2 is the default boot loader for Red Hat Enterprise Linux (RHEL) and many other *nix distributions.

Read more…