

How to Fix Boot Hole vulnerability CVE-2020-1073

The BootHole vulnerability lets attackers take over the boot process and disrupt the operation of the system.

The Red Hat team is working on an update to fix this bug.

As part of our Server Support Services, we help our customers protect their Linux systems against attack.

In this context, we shall look into the BootHole vulnerability and how to minimize such security concerns.

More about Boot Hole vulnerability CVE-2020-1073?

The BootHole vulnerability in the GRUB2 bootloader lets an attacker exploit a security flaw on Windows and Linux systems. The attack targets the boot process and can therefore disrupt the operation of the system.

The vulnerability appears to affect systems that use Secure Boot as well as those that use GRUB2. It therefore affects all Linux distributions.

How to minimize risk of these attacks

Red Hat is currently working on a patch for this bug and will release it in due course.
Until that patch is available, it is best not to apply updates to the grub2 and fwupdate packages.
In the meantime, the following precautions are recommended to protect your system.

Before you reboot the system

i. Check whether the packages have been updated. If they have already been updated, downgrade them with the following command:

yum downgrade shim\* grub2\* mokutil


ii. Add an exclude line to the yum configuration file "/etc/yum.conf" to stop any upgrade of the "grub2" package. Add the line below:

exclude=grub2* shim* mokutil


After you reboot the system

i. Boot the system from the RHEL DVD in Troubleshooting mode.
ii. Configure the network.
iii. Use the chroot feature as seen below:

chroot /mnt/sysimage


iv. Next, downgrade the affected packages with the following command:

yum downgrade shim\* grub2\* mokutil


v. As advised earlier, block any upgrade of the grub2 packages by adding the following line to the yum configuration file "/etc/yum.conf":

exclude=grub2* shim* mokutil


vi. Exit the chroot and reboot the system with the following commands:

exit
exit
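
The exclude step above is easy to apply twice or to put in the wrong section, so here is an added example (not from the original page or from Red Hat) that adds the page's exclude patterns to the [main] section of a yum.conf-style file idempotently and reports failure if it cannot. The function names are hypothetical, and it assumes entries on an exclude= line are separated by spaces or commas.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Patterns are the ones the page gives, one per line so the shell never globs them.
BOOT_PATTERNS='grub2*
shim*
mokutil'

# Print every pattern already excluded in [main], one per line.
# Assumption: entries on an exclude= line are separated by spaces or commas.
main_excludes() {
    awk '/^\[/ { in_main = ($0 ~ /^\[main\]/); next }
         in_main && /^[ \t]*exclude[ \t]*=/ {
             sub(/^[^=]*=/, ""); gsub(/[ \t,]+/, "\n"); print
         }' "$1" | sed '/^$/d'
}

# Print the page's patterns that [main] does not exclude yet.
missing_excludes() {
    have=$(main_excludes "$1")
    printf '%s\n' "$BOOT_PATTERNS" | while IFS= read -r p; do
        printf '%s\n' "$have" | grep -Fxq -- "$p" || printf '%s\n' "$p"
    done
}

# Extend the exclude= line in [main], or create one at the end of [main].
# Returns non-zero when the file has no [main] section to put it in.
ensure_boot_excludes() {
    add=$(missing_excludes "$1" | tr '\n' ' ')
    add=${add% }
    [ -z "$add" ] && return 0          # already pinned, leave the file alone
    tmp=$(mktemp) || return 1
    awk -v add="$add" '
        /^\[/ {
            if (in_main && !seen) { print "exclude=" add; seen = 1 }
            in_main = ($0 ~ /^\[main\]/)
        }
        in_main && !seen && /^[ \t]*exclude[ \t]*=/ { print $0 " " add; seen = 1; next }
        { print }
        END { if (in_main && !seen) print "exclude=" add }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
    [ -z "$(missing_excludes "$1")" ]
}

# Constructed sample file; on a real host pass /etc/yum.conf instead.
demo=$(mktemp)
printf '[main]\ngpgcheck=1\nexclude=kernel*\n' > "$demo"
ensure_boot_excludes "$demo" && cat "$demo"
rm -f "$demo"
```

An exclude= line that sits only in a repository section is ignored by the check, so the patterns are still added to [main].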



Conclusion

On 29 July 2020, the popular Linux distribution Red Hat announced a serious security concern in grub2 (CVE-2020-1073).