There is a new vulnerability in Grub2 called BootHole that can allow an attacker to compromise the bootloading process and insert /execute malicious code during the boot-loading process. But how serious is BootHole? What kind of Linux systems does it affect? There are already patches, but are they effective? We can’t get rid of bugs that at times become vulnerabilities, is there any way to keep our systems secure despite these bugs? We tried to get answers to these questions from Archis Gore, CTO of Polyverse, a company that specializes in securing Linux based systems.
Polyverse is a sponsor of TFiR.