Early this early morning, an urgent bug confirmed up at Crimson Hat’s bugzilla bug tracker—a user found out that the RHSA_2020:3216 grub2 protection update and RHSA-2020:3218 kernel protection update rendered an RHEL 8.2 process unbootable. The bug was reported as reproducible on any thoroughly clean minimum install of Red Hat Business Linux 8.2.
The patches had been meant to shut a recently identified vulnerability in the GRUB2 boot manager termed BootHole. The vulnerability alone left a strategy for procedure attackers to potentially set up “bootkit” malware on a Linux system irrespective of that procedure being shielded with UEFI Safe Boot.
RHEL and CentOS
Sad to say, Pink Hat’s patch to GRUB2 and the kernel, after utilized, are leaving patched programs unbootable. The concern is verified to have an affect on RHEL 7.8 and RHEL 8.2, and it may influence RHEL 8.1 and 7.9 as perfectly. RHEL-derivative distribution CentOS is also influenced.
Pink Hat is at present advising consumers not to apply the GRUB2 security patches (RHSA-2020:3216 or RHSA-2020:3217) until eventually these troubles have been solved. If you administer a RHEL or CentOS program and imagine you may possibly have mounted these patches, do not reboot your technique. Downgrade the influenced deals applying
sudo yum downgrade shim* grub2* mokutil and configure
yum not to update people packages by briefly adding
exclude=grub2* shim* mokutil to
/and many others/yum.conf.
If you have previously utilized the patches and tried (and unsuccessful) to reboot, boot from an RHEL or CentOS DVD in Troubleshooting method, set up the network, then accomplish the similar steps outlined above in buy to restore functionality to your procedure.
Even though the bug was initial claimed in Purple Hat Company Linux, seemingly linked bug stories are rolling in from other distributions from various people as very well. Ubuntu and Debian people are reporting programs which simply cannot boot after putting in GRUB2 updates, and Canonical has issued an advisory which includes directions for recovery on afflicted techniques.
Whilst the affect of the GRUB2 bug is identical, the scope may possibly be distinct from distribution to distribution so much it appears the Debian/Ubuntu GRUB2 bug is only influencing devices which boot in BIOS (not UEFI) manner. A repair has currently been committed to Ubuntu’s
proposed repository, examined, and released to its
updates repository. The up to date and produced packages,
grub2 (2.02~beta2- and
grub2 (2.04-1ubuntu26.2) focal, must solve the issue for Ubuntu buyers.
For Debian end users, the correct is available in newly committed offer
We do not have any word at this time about flaws in or influence of GRUB2 BootHole patches on other distributions such as Arch, Gentoo, or Distinct Linux.