Early this morning, an urgent bug showed up at Red Hat's bugzilla bug tracker: a user discovered that the RHSA-2020:3216 grub2 security update and RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system unbootable. The bug was reported as reproducible on any clean minimal install of Red Hat Enterprise Linux 8.2.
The patches were intended to close a newly discovered vulnerability in the GRUB2 boot manager called BootHole. The vulnerability itself left a method for system attackers to potentially install "bootkit" malware on a Linux system despite that system being protected with UEFI Secure Boot.
RHEL and CentOS
Unfortunately, Red Hat's patches to GRUB2 and the kernel, once applied, are leaving patched systems unbootable. The issue is confirmed to affect RHEL 7.8 and RHEL 8.2, and it may affect RHEL 8.1 and 7.9 as well. RHEL-derivative distribution CentOS is also affected.
Red Hat is currently advising users not to apply the GRUB2 security patches (RHSA-2020:3216 or RHSA-2020:3217) until these issues have been resolved. If you administer a RHEL or CentOS system and believe you may have installed these patches, do not reboot your system. Downgrade the affected packages using
sudo yum downgrade shim* grub2* mokutil
and configure yum not to upgrade those packages by temporarily adding
exclude=grub2* shim* mokutil
to /etc/yum.conf.
If you've already applied the patches and attempted (and failed) to reboot, boot from an RHEL or CentOS DVD in Troubleshooting mode, set up the network, then perform the same steps outlined above in order to restore functionality to your system.
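The yum.conf change described above, scripted so that it can be applied and later reverted without clobbering an exclude line that is already there. This is an added example, not Red Hat's or the article's own tooling; the function names and the pin.sh file name are hypothetical.

```sh
#!/bin/sh
# Added example: pin or unpin the packages named in the article in a yum.conf.
# PATTERNS is the exclude value from the article; function names are hypothetical.
PATTERNS='grub2* shim* mokutil'

# $1 = add|remove, $2 = path to yum.conf. Only the [main] section is edited,
# other excludes already on the line are kept, and repeat runs change nothing.
_yum_exclude_edit() {
    _tmp=$(mktemp) || return 1
    awk -v mode="$1" -v pats="$PATTERNS" '
        # Print the new exclude= line built from the old one (may be empty).
        function emit(line,    n, i, np, p, cur, drop, seen, out) {
            np = split(pats, p, " ")
            for (i = 1; i <= np; i++) drop[p[i]] = 1
            sub(/^exclude[ \t]*=[ \t]*/, "", line)
            n = split(line, cur, /[ \t,]+/)
            out = ""
            for (i = 1; i <= n; i++) {
                if (cur[i] == "" || (cur[i] in seen) || (cur[i] in drop)) continue
                seen[cur[i]] = 1
                out = out (out == "" ? "" : " ") cur[i]
            }
            if (mode == "add") out = out (out == "" ? "" : " ") pats
            if (out != "") print "exclude=" out
        }
        # Leaving [main] with no exclude= seen: add it before the next section.
        /^\[/ {
            if (in_main && !done) { if (mode == "add") emit(""); done = 1 }
            in_main = ($0 ~ /^\[main\]/)
        }
        in_main && !done && /^exclude[ \t]*=/ { emit($0); done = 1; next }
        { print }
        END { if (in_main && !done && mode == "add") emit("") }
    ' "$2" > "$_tmp" && cat "$_tmp" > "$2"   # cat keeps the file owner and mode
    _rc=$?
    rm -f "$_tmp"
    return "$_rc"
}

yum_exclude_add()    { _yum_exclude_edit add "$1"; }
yum_exclude_remove() { _yum_exclude_edit remove "$1"; }

# Usage as root: sh pin.sh add /etc/yum.conf   (later: sh pin.sh remove /etc/yum.conf)
if [ "$#" -eq 2 ]; then _yum_exclude_edit "$1" "$2"; fi
```

Running the remove step once fixed packages are available matters as much as the add step, since a forgotten exclude line silently blocks every later GRUB2 and shim security update.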
Although the bug was first reported in Red Hat Enterprise Linux, apparently related bug reports are rolling in from other distributions from different families as well. Ubuntu and Debian users are reporting systems which cannot boot after installing GRUB2 updates, and Canonical has issued an advisory including instructions for recovery on affected systems.
Although the impact of the GRUB2 bug is similar, the scope may be different from distribution to distribution; so far it appears the Debian/Ubuntu GRUB2 bug is only affecting systems which boot in BIOS (not UEFI) mode. A fix has already been committed to Ubuntu's proposed repository, tested, and released to its updates repository. The updated and released packages, grub2 (2.02~beta2- and grub2 (2.04-1ubuntu26.2) focal, should resolve the problem for Ubuntu users.
For Debian users, the fix is available in newly committed package
We do not have any word at this time about flaws in or impact of GRUB2 BootHole patches on other distributions such as Arch, Gentoo, or Clear Linux.