Early this morning, an urgent bug showed up at Red Hat's bugzilla bug tracker: a user discovered that the RHSA-2020:3216 grub2 security update and RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system unbootable. The bug was reported as reproducible on any clean minimal install of Red Hat Enterprise Linux 8.2.
The patches were intended to close a newly discovered vulnerability in the GRUB2 boot manager called BootHole. The vulnerability itself left a method for system attackers to potentially install "bootkit" malware on a Linux system despite that system being protected with UEFI Secure Boot.
RHEL and CentOS
Unfortunately, Red Hat's patches to GRUB2 and the kernel, once applied, are leaving patched systems unbootable. The issue is confirmed to affect RHEL 7.8 and RHEL 8.2, and it may affect RHEL 8.1 and 7.9 as well. RHEL-derivative distribution CentOS is also affected.
Red Hat is currently advising users not to apply the GRUB2 security patches (RHSA-2020:3216 or RHSA-2020:3217) until these issues have been resolved. If you administer a RHEL or CentOS system and believe you may have installed these patches, do not reboot your system. Downgrade the affected packages using
sudo yum downgrade shim* grub2* mokutil
and configure yum not to upgrade those packages by temporarily adding
exclude=grub2* shim* mokutil
to /etc/yum.conf.
If you've already applied the patches and attempted (and failed) to reboot, boot from an RHEL or CentOS DVD in Troubleshooting mode, set up the network, then perform the same steps outlined above in order to restore functionality to your system.
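The temporary yum hold described above, as an added example that is not from the original article or from Red Hat. The helper names hold_add and hold_remove and the script name are hypothetical; the script adds the exclude patterns to the [main] section of a yum.conf-style file without duplicating an existing exclude line, and removes them again later. It assumes the patterns on an existing exclude line are space-separated.

```shell
#!/bin/sh
# Added example: manage the temporary yum hold described in the article.
HOLD='grub2* shim* mokutil'   # exclude patterns quoted in the article

# _rewrite FILE AWK_PROGRAM: filter FILE through awk and write the result
# back in place, so the file keeps its owner, mode and SELinux label.
_rewrite() {
    tmp=$(mktemp) || return 1
    if awk -v hold="$HOLD" "$2" "$1" > "$tmp"; then
        cat "$tmp" > "$1"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# hold_add FILE: make sure [main] excludes every pattern in HOLD.
# Extends an existing exclude= line instead of adding a second one.
hold_add() {
    _rewrite "$1" '
    function emit() { if (inmain && !done) { print "exclude=" hold; done = 1 } }
    /^\[/ { emit(); inmain = ($0 ~ /^\[main\]/) }
    inmain && /^exclude[ \t]*=/ {
        n = split(hold, want, " ")
        for (i = 1; i <= n; i++)
            if (!index(" " substr($0, index($0, "=") + 1) " ", " " want[i] " "))
                $0 = $0 " " want[i]
        done = 1
    }
    { print }
    END { emit() }'
}

# hold_remove FILE: drop the HOLD patterns again once fixed packages ship.
hold_remove() {
    _rewrite "$1" '
    /^\[/ { inmain = ($0 ~ /^\[main\]/) }
    inmain && /^exclude[ \t]*=/ {
        n = split(substr($0, index($0, "=") + 1), have, " "); out = ""
        for (i = 1; i <= n; i++)
            if (!index(" " hold " ", " " have[i] " "))
                out = out (out == "" ? "" : " ") have[i]
        if (out == "") next
        $0 = "exclude=" out
    }
    { print }'
}

# Usage (as root): sh yum-hold.sh add|remove /etc/yum.conf
case "${1:-}" in add|remove) "hold_$1" "${2:?path to yum.conf}" ;; esac
```

Removing the hold matters as much as adding it: a forgotten exclude line will keep the system from receiving the corrected GRUB2 and shim packages.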
Although the bug was first reported in Red Hat Enterprise Linux, apparently related bug reports are rolling in from other distributions from different families as well. Ubuntu and Debian users are reporting systems which cannot boot after installing GRUB2 updates, and Canonical has issued an advisory including instructions for recovery on affected systems.
Although the impact of the GRUB2 bug is similar, the scope may be different from distribution to distribution; so far it appears the Debian/Ubuntu GRUB2 bug is only affecting systems which boot in BIOS (not UEFI) mode. A fix has already been committed to Ubuntu's proposed repository, tested, and released to its updates repository. The updated and released packages, grub2 (2.02~beta2- and grub2 (2.04-1ubuntu26.2) focal, should resolve the problem for Ubuntu users.
For Debian users, the fix is available in newly committed package
We do not have any word at this time about flaws in or impact of GRUB2 BootHole patches on other distributions such as Arch, Gentoo, or Clear Linux.