Qualys Support Proactive Notification: Red Hat Update for BootHole Vulnerability Renders Systems Unbootable
Last updated on: August 3, 2020
A recently released Red Hat update for the BootHole vulnerability (CVE-2020-10713) is causing certain systems to become unbootable. This issue is reported to occur for updates to the shim, grub2 and kernel packages in RHEL.
If the concerned Red Hat patches have been downloaded on any of your RHEL assets, we recommend referencing the online help documentation provided by Red Hat at the following link in order to immediately remediate the issue before system reboot.
https://access.redhat.com/solutions/5272311
Environment
This issue is confirmed in the following releases:
- Red Hat Enterprise Linux (RHEL) 7.8
- Red Hat Enterprise Linux (RHEL) 8.2
It is NOT confirmed in the following releases, but they are potentially affected:
- Red Hat Enterprise Linux (RHEL) 8.1 EUS
- Red Hat Enterprise Linux (RHEL) 7.9
Issue
UEFI: system hangs after POST and the grub menu never loads after applying the RHSA-2020:3216 and RHSA-2020:3217.
Resolution
As of writing this, Red Hat has fixed the bug in the shim packages. Updated shim packages are now available and can be used in conjunction with previously released grub2, fwupd, and fwupdate packages.
Below you will also find a list of affected vendors and their acknowledgement of the issue:
Centos:
RHEL:
Ubuntu:
Debian:
Detections
See how to automatically discover, prioritize, and remediate Boothole using Qualys VMDR®.
Qualys has released the following detections (QID: title) to identify the vulnerabilities related to CVE-2020-10713:
- 256935: CentOS Security Update for grub2 (CESA-2020:3217)
- 256934: CentOS Security Update for kernel (CESA-2020:3220)
- 177969: Debian Security Update for grub2 (DSA 4735-2)
- 158694: Oracle Enterprise Linux Security Update for grub2 (ELSA-2020-5782)
- 158695: Oracle Enterprise Linux Security Update for grub2 (ELSA-2020-5786)
- 158696: Oracle Enterprise Linux Security Update for grub2 (ELSA-2020-5790)
- 173771: SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2020:2073-1)
- 173770: SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2020:2076-1)
- 173769: SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2020:2078-1)
- 173768: SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2020:2079-1)
- 197967: Ubuntu Security Notification for Grub2 Vulnerability (USN-4432-1)
What about detection on windows? Microsoft has acknowledged this under ADV200011.
Will there be an QID exclusively for windows?