GRUB2 BootHole Vulnerability (CVE-2020-10713) | 見よう見まねのブログ


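GRUB2, the boot loader commonly used on Linux, has a vulnerability: by rewriting grub.cfg, an attacker can trigger a buffer overflow and take over the PC. As a result, even PCs that use Secure Boot (UEFI), Windows machines included, are reportedly exposed to the attack.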

'BootHole' attack impacts Windows and Linux systems using GRUB2 and Secure Boot
Microsoft, Red Hat, Canonical, SuSE, Oracle, VMWare, Citrix, and many OEMs are expected to release BootHole patches.

https://www.zdnet.com/article/boothole-attack-impacts-windows-and-linux-systems-using-grub2-and-secure-boot/

 

Newly discovered Linux and Windows vulnerability opens the door to hackers

https://siliconangle.com/2020/07/29/newly-discovered-linux-windows-boot-loading-vulnerability-opens-door-hackers/

 

The GRUB2 update for Debian 10 Buster dated 2020-07-29 fixes this issue, and six other vulnerabilities are fixed in the same update.

Debian Security Advisory
DSA-4735-1 grub2 -- security update
Date Reported: 29 Jul 2020

https://www.debian.org/security/2020/dsa-4735

 

CVE-2020-10713 (BootHole)
A flaw in the grub.cfg parsing code was found allowing to break UEFI Secure Boot and load arbitrary code.

Details can be found at https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

CVE-2020-14308
It was discovered that grub_malloc does not validate the allocation size allowing for arithmetic overflow and subsequently a heap-based buffer overflow.

CVE-2020-14309
An integer overflow in grub_squash_read_symlink may lead to a heap based buffer overflow.

CVE-2020-14310
An integer overflow in read_section_from_string may lead to a heap based buffer overflow.

CVE-2020-14311
An integer overflow in grub_ext2_read_link may lead to a heap-based buffer overflow.

CVE-2020-15706
script: Avoid a use-after-free when redefining a function during execution.

CVE-2020-15707
An integer overflow flaw was found in the initrd size handling.
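Several of the entries above share one pattern: a size computed from untrusted data wraps around, the allocation comes out too small, and the later copy overruns the heap buffer. The following is an added illustration of that pattern and of a checked-arithmetic guard; it is not GRUB source code, and the function names and the sample values are hypothetical.

```c
/* Added illustration (not GRUB source); function names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked size math: count * rec_size + header wraps silently in size_t. */
static size_t unchecked_alloc_size(size_t count, size_t rec_size, size_t header)
{
    return count * rec_size + header;
}

/* Checked form using GCC/Clang overflow builtins.
   Returns 0 and stores the size in *out, or -1 if the result would wrap. */
static int checked_alloc_size(size_t count, size_t rec_size, size_t header,
                              size_t *out)
{
    size_t body;
    if (__builtin_mul_overflow(count, rec_size, &body))
        return -1;
    if (__builtin_add_overflow(body, header, out))
        return -1;
    return 0;
}

/* Copy a length-delimited string (e.g. a link target read from disk) into a
   NUL-terminated heap buffer. Rejects len + 1 wrapping to 0. */
static char *copy_link_target(const char *src, size_t len)
{
    size_t need;
    char *buf;
    if (__builtin_add_overflow(len, (size_t)1, &need))
        return NULL;
    buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, len);
    buf[len] = '\0';
    return buf;
}

int main(void)
{
    size_t count = SIZE_MAX / 16 + 1, n = 0;   /* constructed hostile count */
    printf("unchecked: %zu bytes\n", unchecked_alloc_size(count, 16, 8));
    printf("checked:   %s\n",
           checked_alloc_size(count, 16, 8, &n) ? "rejected" : "accepted");
    return 0;
}
```

With the constructed count, the unchecked calculation yields an 8-byte request for what the caller believes is a huge record array, while the checked version refuses the request before any allocation happens.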

 

Ubuntu was also patched as of 2020-07-29.

USN-4432-1: GRUB 2 vulnerabilities
29 JULY 2020

https://ubuntu.com/security/notices/USN-4432-1

 

Given the enormous number of affected PCs and servers, how much damage was actually caused by exploitation of the BootHole vulnerability?

 

At boot time, a bug crawls out and takes over