Sometimes the cure is really worse than the disease. The recently revealed Boothole security issue with GRUB2 and Secure Boot can, in theory, be used to attack Linux systems. In practice, the only vulnerable Linux systems are those that have already been successfully breached by an attacker. Still, the potential for harm was there, which is why almost all enterprise Linux vendors have released patches. Unfortunately, for at least one, Red Hat, the solution has gone wrong.
Many users report that after patching Red Hat Enterprise Linux (RHEL) 8.2, it has caused their systems to fail to boot. The problem also seems to affect RHEL 7.x and 8.x computers as well. However, it seems to be limited only to servers running on bare iron. RHEL virtual machines (VMs), which do not handle secure boot firmware, work fine.
RHEL is not the only Linux with this problem: CentOS 7.x and 8.x users also report issues. There have also been sporadic reports of Boothole boot issues with other Linux distributions.
A repair is on the way. Peter Allor, director of Red Hat’s Product Security Incident Response Team, told me:
“Red Hat has become aware of a possible issue with the solution for CVE-2020-10713, also known as the Bootjole, whereby some Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 systems may not successfully reboot after Apply the fix, require manual intervention to fix it. We are currently investigating this problem and will provide more information as it becomes available. “
Other Red Hat employees say the solution will be fixed soon. So if you haven’t patched yet, please wait. If you have and have problems, help is on the way.
