Submission: Linux GRUB2 Bootloader Flaw Breaks Secure Boot On Most Computers and Servers (csoonline.com)
itwbennett writes: Patches were announced today for a vulnerability in the GRUB2 Linux bootloader that allows attackers to bypass boot process integrity verification. Because of how Secure Boot is implemented, the flaw can also be used to compromise the booting process of Windows and other systems. ‘The vulnerability found by Eclypsium is tracked as CVE-2020-10713 and is rated 8.2 (high) in the Common Vulnerability Scoring System (CVSS), but it's not the only one,’ writes Lucian Constantin for CSO. ‘After the company privately reported the vulnerability, a security audit of the GRUB2 code base was performed by security teams from Oracle, Red Hat, Canonical and VMware, resulting in dozens of other vulnerabilities and dangerous code operations being found and fixed. Some of them also have CVE identifiers — CVE-2020-14308, CVE-2020-14311, CVE-2020-14309 and CVE-2020-14310 — but others do not.’