Security experts at the CERT Coordination Center are warning of a GRUB2 bootloader buffer overflow vulnerability that affects multiple products.
The Free Software Foundation GNU Project’s multiboot boot loader, GNU GRUB2, is a multiboot boot loader program that first runs upon boot and loads the operating system.
The CERT Coordination Center (CERT/CC) describes the GRUB2 vulnerability CVE-2020-10713 in the advisory:
“GRUB2 is vulnerable to a buffer overflow when parsing content from the GRUB2 configuration file (grub.cfg). This configuration file is an external file commonly located in the EFI System Partition and can therefore be modified by an attacker with administrator privileges without altering the integrity of the signed vendor shim and GRUB2 boot loader executables. This could allow an authenticated, local attacker to modify the contents of the GRUB2 configuration file to ensure that the attacker’s chosen code is run before the operating system is loaded. This could allow the attacker to gain persistence on the device, even with Secure Boot enabled. All versions of GRUB2 that load commands from an external grub.cfg configuration file are vulnerable.”CERT/CC
Organizations are highly recommended to patch systems with latest version of GRUB2 to address the vulnerabilities.
Multiple vendors have also published advisories, to include Red Hat, CentOS, NetApp and others.