Boothole Patched for CentOS
If you're not aware, a fairly malicious vulnerability was found and dubbed Boothole (being tracked as CVE-2020-10713). This issue could impede the boot-loading process of an operating system and can affect any version of GRUB2, prior to version 2.06. The vulnerability allows attackers to hijack and alter the GRUB2 verification process and bypass Secure Boot protections.
Of course, in order to take advantage of this flaw, an attacker would have to have access to the physical system or remote access to the grub.cfg configuration file. The Boothole vulnerability even works with Secure Boot enabled because on many devices the Secure Boot process doesn't cryptographically verify the grub.cfg file.
Fortunately, all affected platforms are in the process of releasing patches for the vulnerability. As of August 3rd, 2020, the developers of CentOS have released patches for their platform. All CentOS administrators should make sure they are using the proper shim packages with the correct fixs. The packages in question are shim-x64-15-15.el8_2.x86_64.rpm (CentOS 8) or shim-x64-15-8.el7_8.x86_64.rpm (CentOS 7). To install those shims, you could issue the command sudo dnf install shim-x64-15-15.el8_2 (for CentOS 8) or sudo dnf install shim-x64-15-8.el7_8 (for CentOS 7).
For more information, check out the official CentOS bug page for the shim package.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.