GRUB2 Arbitrary Code Execution Vulnerability

On July 29, 2020, a research paper titled “There’s a Hole in the Boot” was made publicly available. This paper discusses a vulnerability discovered in the GRand Unified Bootloader version 2 (GRUB2) bootloader that may allow an attacker to execute arbitrary code at system boot time.

The vulnerability is due to incorrect bounds checking of certain values parsed from the GRUB2 configuration file. An attacker could exploit this vulnerability by supplying a crafted configuration file for GRUB2. When this file is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to inject arbitrary code that is executed before the operating system is loaded on the targeted system.

On systems protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, exploitation of this vulnerability may allow the attacker to tamper with the secure boot process.

Multiple Cisco products are affected by this vulnerability.

Cisco will release software updates that address this vulnerability. Any workarounds for a specific Cisco product or service will be documented in the relevant Cisco bugs, which are identified in the Vulnerable Products [“#vp”] section of this advisory.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY”]