On Thu, 30 Jul 2020 17:42:52 +0300, Andrei Z. wrote:
Andrei Z. wrote:
Arlen Holder wrote:
Dateline today, verbatim...
   "Security researchers at Eclypsium discovered a vulnerability that
    affects the bootloader used by 'virtually every' Linux system,
    and almost every Windows device using Secure Boot with
    Microsoft's standard Unified Extensible Firmware Interface
    (UEFI) certificate authority."
o *BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10*
https://www.forbes.com/sites/daveywi...othole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/
   "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2
    and sits in the default GRand Unified Bootloader 2 (GRUB2)
    but affects systems running Secure Boot even if they are not
    using GRUB2.
    If successfully exploited, BootHole opens up Windows and Linux
    devices to arbitrary code execution during the boot process, even
    when Secure Boot is enabled. Meaning an attacker could gain
    persistence for stealthily installed malware and give them,
    "near-total control"
    over the device, according to Eclypsium."
"multiple secure boot grub2 and linux kernel vulnerabilities" - oss-security
https://www.openwall.com/lists/oss-s...y/2020/07/29/3
"Mitigating BootHole ..." - Ubuntu
https://ubuntu.com//blog/mitigating-...e-in-the-boot-cve-2020-10713-and-related-vulnerabilities
"There’s a Hole in the Boot" - Eclypsium
https://eclypsium.com/2020/07/29/the...e-in-the-boot/
My LMDE4 was patched for this yesterday....
--
Pull my Finger