Discover Security Vulnerabilities News
Multiple New Security Issues Hit GRUB Bootloader Around Secure Boot
Last summer, the GRUB bootloader was impacted by "BootHole" with security issues hitting its UEFI Secure Boot support. Now a new round of GRUB2 vulnerabilities affecting its UEFI Secure Boot support have been made public.
A new set of GRUB2 security vulnerabilities were made public today affecting its UEFI Secure Boot support. A set of eight CVEs were issued in 2020 and this year for the new issues. The issues include the possibility of specially crafted ACPI tables being loaded even if Secure Boot is active, memory corruption in GRUB's menu rendering, use-after-free in rmmod functionality, the cutmem command allowing privileged users to disable certain memory regions and in turn Secure Boot protections, arbitrary code execution even if Secure Boot is enabled, GRUB 2.05 accidentally re-introducing one of last year's vulnerabilities, and memory corruption from crafted USB device descriptors that could lead to arbitrary code execution.