BootHole Patched for CentOS

If you're not aware, a fairly malicious vulnerability was found and dubbed BootHole (being tracked as CVE-2020-10713 – https://access.redhat.com/security/cve/CVE-2020-10713). This issue could impede the bootloading process of an operating system and can affect any version of GRUB2, prior to version 2.06. The vulnerability allows attackers to hijack and alter the GRUB2 verification process and bypass Secure Boot protections.

Of course, in order to take advantage of this flaw, an attacker would have to have access to the physical system or remote access to the grub.cfg configuration file. The BootHole vulnerability even works with Secure Boot enabled because on many devices the Secure Boot process doesn't cryptographically verify the grub.cfg file.

Fortunately, all affected platforms are in the process of releasing patches for the vulnerability. As of August 3rd, 2020, the CentOS developers have released patches for their platform. All CentOS administrators should make sure they are using the proper shim packages with the correct fixes. The packages in question are shim-x64-15-15.el8_2.x86_64.rpm (CentOS 8) or shim-x64-15-8.el7_8.x86_64.rpm (CentOS 7). To install those shims, you could issue the command sudo dnf install shim-x64-15-15.el8_2 (for CentOS 8) or sudo dnf install shim-x64-15-8.el7_8 (for CentOS 7).

For more information, check out the official CentOS bug page (https://bugs.centos.org/view.php?id=17631) for the shim package.