An inside look at CVE-2020-10713, a.k.a. the GRUB2 "BootHole" | Linux Today

Written by Daniel Kiper, Alexandr Burmashev, John Haxby, Jan Setje-Eilers
Sep 17, 2020

This blog post by Oracle Linux engineers Daniel Kiper, Alexandr Burmashev, John Haxby and Jan Setje-Eilers tells the inside story of how the “BootHole” GRUB2 vulnerability was reported and resolved. Daniel and Alexandr are maintainers for GRUB2 and are responsible for that code across all platforms. Oracle customers can find information about the impact of CVE-2020-10713 at this link.

As GRUB2 upstream maintainers, Oracle developers took the lead on both the disclosure coordination and the technical solutions. In their role as community maintainers for GRUB2, Daniel and Alexandr were notified of the security vulnerability and immediately began analyzing the impact of these vulnerabilities, coordinating the cross-vendor industry response, and ensuring that this vulnerability would be fixed swiftly. In the end, this coordination effort would entail around 100 individuals from 18 companies.

CVE-2020-10713, the “BootHole” vulnerability, affects systems using UEFI Secure Boot signed operating systems and has a CVSS Base Score of 8.2.
