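GRUB2, the boot loader commonly used on Linux, has a vulnerability: by rewriting grub.cfg, a hacker can trigger a buffer overflow and take over the PC. As a result, even PCs using Secure Boot (UEFI), such as Windows machines, are reportedly open to attack.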
'BootHole' attack impacts Windows and Linux systems using GRUB2 and Secure Boot
Microsoft, Red Hat, Canonical, SuSE, Oracle, VMWare, Citrix, and many OEMs are expected to release BootHole patches.
Newly discovered Linux and Windows vulnerability opens the door to hackers
The GRUB2 update for Debian 10 Buster dated 2020-07-29 addresses this, and it fixes six other vulnerabilities at the same time.
Debian Security Advisory
DSA-4735-1 grub2 -- security update
Date Reported: 29 Jul 2020
https://www.debian.org/security/2020/dsa-4735
CVE-2020-10713 (BootHole)
A flaw in the grub.cfg parsing code was found allowing to break UEFI Secure Boot and load arbitrary code.
Details can be found at https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
CVE-2020-14308
It was discovered that grub_malloc does not validate the allocation size allowing for arithmetic overflow and subsequently a heap-based buffer overflow.
CVE-2020-14309
An integer overflow in grub_squash_read_symlink may lead to a heap based buffer overflow.
CVE-2020-14310
An integer overflow in read_section_from_string may lead to a heap based buffer overflow.
CVE-2020-14311
An integer overflow in grub_ext2_read_link may lead to a heap-based buffer overflow.
CVE-2020-15706
script: Avoid a use-after-free when redefining a function during execution.
CVE-2020-15707
An integer overflow flaw was found in the initrd size handling.
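Most of the CVEs listed above share one bug class: a size is computed from input-controlled values, the arithmetic wraps around, and the resulting allocation is smaller than the data copied into it. The following is an added example, not code from GRUB or from the advisories, showing the unchecked computation beside an overflow-checked one; the function names and the sample link target are hypothetical, and the overflow builtins assume GCC or Clang.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked size arithmetic: for large inputs the result wraps around
   (unsigned overflow), so the allocation is far smaller than the data. */
size_t unchecked_total(size_t count, size_t elem, size_t extra)
{
    return count * elem + extra;
}

/* Checked version using GCC/Clang overflow builtins.
   Returns 0 and stores the size in *out, or -1 if it does not fit. */
int checked_total(size_t count, size_t elem, size_t extra, size_t *out)
{
    size_t bytes;
    if (__builtin_mul_overflow(count, elem, &bytes) ||
        __builtin_add_overflow(bytes, extra, out))
        return -1;
    return 0;
}

/* Hypothetical link reader: copies len bytes of on-disk data and
   NUL-terminates it. Refuses lengths whose len + 1 would overflow. */
char *read_link_checked(const char *disk, size_t len)
{
    size_t total;
    char *buf;
    if (checked_total(len, 1, 1, &total) != 0)
        return NULL;
    buf = malloc(total);
    if (buf == NULL)
        return NULL;
    memcpy(buf, disk, len);
    buf[len] = '\0';
    return buf;
}

int main(void)
{
    char *p = read_link_checked("../vmlinuz", 10);   /* constructed input */
    printf("wrapped size: %zu\n", unchecked_total(SIZE_MAX, 1, 1));
    printf("checked read: %s\n", p ? p : "(rejected)");
    printf("huge length:  %s\n", read_link_checked("x", SIZE_MAX) ? "accepted" : "rejected");
    free(p);
    return 0;
}
```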
Ubuntu also shipped a fix dated 2020-07-29.
USN-4432-1: GRUB 2 vulnerabilities
29 JULY 2020
https://ubuntu.com/security/notices/USN-4432-1
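Given the enormous number of affected PCs and servers, how much actual damage has been caused by exploitation of the BootHole vulnerability?
At boot time, a bug crawls out and the machine is taken over.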