High-Severity Vulnerability in GRand Unified Bootloader version 2 (CVE-2020-10713)

Published on 30 Jul 2020

Updated on 30 Jul 2020

Security researchers discovered a high-severity vulnerability dubbed “BootHole” (CVE-2020-10713) in GRand Unified Bootloader version 2 (GRUB2) affecting devices running on Windows and Linux operating systems including servers, workstations, laptops and desktops in conjunction with Secure Boot.

Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code and gain persistence on the affected device.

Administrators and users of the affected products are advised to monitor their respective product websites for the release of security patches and update to the latest version once it is available. For more information about the affected products and related mitigation measures, refer to https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/.