Fast-forward to today, the effect has grown and spread to Ubuntu, Debian, CentOS, and Fedora, all of them Linux distributions. There's also a reported issue in cloud environments, where Microsoft security analyst Kevin Beaumont says,
“a bug in cloud-init is causing problems across major cloud providers with Grub, such as Digital Ocean and Azure, having the same impact: patched systems then fail to boot.”
You can read about the BootHole vulnerability in depth here. The bug was found by a security firm called Eclypsium, and it is said to have a direct impact on GRUB2, the bootloader component that helps start various operating systems on computers and servers.
GRUB2 is the default bootloader on all major Linux systems. It can also be used on Windows, either as a customized bootloader or for dual-boot setups. The BootHole vulnerability gives malware a pathway to corrupt GRUB2's configuration files. Through them, the malware installs malicious code in the bootloader, and subsequently in the operating system as well.
Secure Boot mode is no exception: programs that use the feature are also considered vulnerable, because the GRUB2 configuration file is not thoroughly protected by the Secure Boot process checks. Because of this exposure, all the major Linux distributions had a patch ready when Eclypsium published its public report this week.
Kelly Shortridge, VP of cybersecurity firm Capsule8, says that problems like these were highly anticipated. She came to this conclusion when she saw the potential of BootHole to damage system administration.
These problems arise when patching BootHole because the process involves meddling with cryptography, Secure Boot's safety checks, and a whitelist and a blacklist maintained by Microsoft. When a fix is this complicated, problems are bound to arise, and they did, starting with a bug on Red Hat. In GRUB2, it prevents any operating system from launching. However, users who have come forward with a solution say that reverting the patch fixes the problem just fine.
Users are nonetheless still advised to update their systems with the latest bug fixes. Experts expect the bug to be exploited by malware soon, because it lets a bootkit take hold on infected systems and run out of sight of antivirus software.