To mitigate the new "BootHole" vulnerability, the teams at Red Hat, Debian, SUSE, and Canonical have released new security updates for their Linux distros RHEL, Ubuntu, openSUSE, and Debian 10 "buster."
For real, I’m struggling to imagine a situation where a user has root access and can edit the GRUB2 config file and doesn’t already completely own that device.
For real, I’m struggling to imagine a situation where a user has root access and can edit the GRUB2 config file and doesn’t already completely own that device.
Yeah, it seems like a pretty limited vulnerability in practice.