TTCSIRT-329.07.30.20: TT-CSIRT ADVISORY - GRUB2 BOOTLOADER IS VULNERABLE TO BUFFER OVERFLOW
The GRUB2 boot loader is vulnerable to a buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled.
As a result, an authenticated, local attacker who modifies the contents of the GRUB2 configuration file can execute arbitrary code that bypasses signature verification.
This could allow the attacker to gain persistence on the device, even with Secure Boot enabled.
Because the attacker’s code runs before the operating system, the attacker could control how the operating system is loaded, directly patch the operating system, or even direct the bootloader to alternate OS images.
All versions of GRUB2 that load commands from an external grub.cfg configuration file are vulnerable.
To mitigate this, GRUB2 needs to be updated to the latest version.
The Trinidad and Tobago Cyber Security Incident Response Team (CSIRT) encourages users and administrators to review and apply the necessary updates.
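Because the attack path described above depends on changing grub.cfg, unexpected changes to that file are worth detecting. The following script is an added example, not part of the TT-CSIRT advisory: it records a SHA-256 baseline of the configuration file and later reports content changes or group/other-writable permissions. The function names, baseline format, status codes and file locations are assumptions, and it relies on GNU `sha256sum` and `stat`.

```shell
#!/bin/sh
# Added example: baseline and audit of a GRUB2 configuration file.
# Typical locations (assumed, distribution dependent): /boot/grub/grub.cfg,
# /boot/grub2/grub.cfg. Requires GNU sha256sum and stat.

# record_baseline BASELINE FILE...  -> writes "<sha256>  <path>" lines
record_baseline() {
    baseline=$1; shift
    sha256sum -- "$@" > "$baseline"
}

# perms_ok FILE -> 0 if neither group nor others can write to FILE
perms_ok() {
    mode=$(stat -c '%a' -- "$1") || return 1
    case $mode in
        *[2367]?|*[2367]) return 1 ;;   # write bit set for group or others
    esac
    return 0
}

# audit_grub_cfg BASELINE FILE
# Returns 0 = matches baseline and not group/other writable,
#         1 = content differs, 2 = loose permissions, 3 = not in baseline.
audit_grub_cfg() {
    baseline=$1; file=$2
    # Hash is 64 hex chars followed by two spaces, so the path starts at column 67.
    expected=$(awk -v f="$file" 'substr($0, 67) == f { print substr($0, 1, 64) }' "$baseline")
    [ -n "$expected" ] || return 3
    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || return 1
    perms_ok "$file" || return 2
    return 0
}

# Command-line use: "record BASELINE FILE..." or "audit BASELINE FILE".
case ${1:-} in
    record) shift; record_baseline "$@" ;;
    audit)  shift; audit_grub_cfg "$@"; echo "status=$?" ;;
esac
```

The baseline has to be recorded again after a legitimate regeneration of grub.cfg, such as a kernel or bootloader update. A grub.cfg stored on the EFI System Partition sits on a FAT file system, so the mode reported there reflects mount options, not per-file permissions.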
For further review please see the following link:
If you have any queries or comments with regard to this advisory, please feel free to contact TTCSIRT via email@example.com