Early this morning, an urgent bug showed up at Red Hat’s bugzilla bug tracker—a user discovered that the RHSA-2020:3216 grub2 security update and RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system unbootable. The bug was reported as reproducible on any clean minimal install of Red Hat Enterprise Linux 8.2.
The patches were intended to close a newly discovered vulnerability in the GRUB2 boot manager called BootHole. The vulnerability itself left a method for system attackers to potentially install “bootkit” malware on a Linux system despite that system being protected with UEFI Secure Boot.
RHEL and CentOS
Unfortunately, Red Hat’s patch to GRUB2 and the kernel, once applied, are leaving patched systems unbootable. The issue is confirmed to affect RHEL 7.8 and RHEL 8.2, and it may affect RHEL 8.1 and 7.9 as well. RHEL-derivative distribution CentOS is also affected.
Red Hat is currently advising users not to apply the GRUB2 security patches (RHSA-2020:3216 or RHSA-2020:3217) until these issues have been resolved. If you administer a RHEL or CentOS system and believe you may have installed these patches, do not reboot your system. Downgrade the affected packages using
sudo yum downgrade shim* grub2* mokutil
and configure yum not to upgrade those packages by temporarily adding
exclude=grub2* shim* mokutil
to /etc/yum.conf.
If you’ve already applied the patches and attempted (and failed) to reboot, boot from an RHEL or CentOS DVD in Troubleshooting mode, set up the network, then perform the same steps outlined above in order to restore functionality to your system.
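The yum.conf change described above, written as an added example (not Red Hat's own tooling) so it can be applied the same way on a running system or from the Troubleshooting environment. The function name pin_boot_packages is hypothetical, and the script assumes the file already has a [main] section; it merges with any existing exclude= line and is safe to run twice.

```sh
#!/bin/sh
# Added example: temporarily exclude the boot packages from yum upgrades.
# Patterns are the ones quoted in the article text.
PATTERNS="grub2* shim* mokutil"

# pin_boot_packages CONF  (hypothetical helper name)
# Adds the patterns to the exclude= line of the [main] section, creating the
# line if it does not exist. Existing exclusions are kept; re-running is a no-op.
# Usage as root: pin_boot_packages /etc/yum.conf
pin_boot_packages() (
    conf=$1
    tmp=$(mktemp) || exit 1
    awk -v want="$PATTERNS" '
        # Append each wanted pattern that is not already in the current list.
        function merge(cur,    n, i, k, w, parts, have) {
            n = split(want, w, " ")
            k = split(cur, parts, /[ ,]+/)
            for (i = 1; i <= k; i++) have[parts[i]] = 1
            for (i = 1; i <= n; i++)
                if (!(w[i] in have)) cur = (cur == "" ? w[i] : cur " " w[i])
            return cur
        }
        # Section header: if [main] is ending without an exclude= line, add one.
        /^\[/ {
            if (in_main && !done) { print "exclude=" want; done = 1 }
            in_main = ($0 == "[main]")
        }
        # Existing exclude= inside [main]: merge instead of duplicating it.
        in_main && /^exclude[ \t]*=/ {
            sub(/^exclude[ \t]*=[ \t]*/, "")
            print "exclude=" merge($0); done = 1; next
        }
        { print }
        # [main] was the last section and had no exclude= line.
        END { if (in_main && !done) print "exclude=" want }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    exit "$rc"
)
```

Because the exclusion is meant to be temporary, remove the three patterns from /etc/yum.conf once fixed packages are published; otherwise the system will silently stop receiving bootloader updates.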
Although the bug was first reported in Red Hat Enterprise Linux, apparently related bug reports are rolling in from other distributions from different families as well. Ubuntu and Debian users are reporting systems which cannot boot after installing GRUB2 updates, and Canonical has issued an advisory including instructions for recovery on affected systems.
Although the impact of the GRUB2 bug is similar, the scope may be different from distribution to distribution; so far it appears the Debian/Ubuntu GRUB2 bug is only affecting systems which boot in BIOS (not UEFI) mode. A fix has already been committed to Ubuntu’s proposed repository, tested, and released to its updates repository. The updated and released packages, grub2 (2.02~beta2-36ubuntu3.27) xenial and grub2 (2.04-1ubuntu26.2) focal, should resolve the problem for Ubuntu users.
For Debian users, the fix is available in newly committed package
We do not have any word at this time about flaws in or impact of GRUB2 BootHole patches on other distributions such as Arch, Gentoo, or Clear Linux.