In the early morning, an urgent bug was reported in the Red Hat Bugzilla bug tracker. One user found that security update RHSA_2020: 321
The patches are meant to address BootHole, a newly discovered vulnerability in the GRUB2 boot manager. The vulnerability gives attackers the ability to potentially install “bootkit” malware on a Linux system, even when that system is protected with UEFI Secure Boot.
RHEL and CentOS
Unfortunately, Red Hat's patches to GRUB2 and the kernel leave patched systems unable to boot once applied. The issue has been confirmed to affect RHEL 7.8 and RHEL 8.2, and can also affect RHEL 8.1 and 7.9. The RHEL derivative distribution CentOS is also affected.
Red Hat is currently advising users not to apply the GRUB2 security patches (RHSA-2020:3216 or RHSA-2020:3217) until these issues are resolved. If you manage a RHEL or CentOS system and believe you have installed these patches, do not restart your system. Downgrade the affected packages with
sudo yum downgrade 'shim*' 'grub2*' mokutil
and configure yum not to update these packages by temporarily adding
exclude=grub2* shim* mokutil
to
If you’ve already applied the patches and tried (and failed) to reboot, boot from an RHEL or CentOS DVD in troubleshooting mode, set up the network, and follow the steps above to restore your system to functionality.
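A check that the yum exclusion described above is actually in effect, as an added example that is not from the article or from Red Hat: it reads the exclude= line in the [main] section of a yum-style configuration file given as an argument and prints every named package that no exclude glob covers. The function names and sample package names are assumptions, and a single-line exclude= entry is assumed.

```shell
#!/bin/sh
# Added example, not from the article. Verifies that a yum-style config file
# excludes every package named on the command line.
# Usage (config path is supplied by the caller): script CONF PKG...

# Print the patterns on exclude= lines inside the [main] section only;
# per-repository sections are ignored because they do not apply globally.
main_excludes() {
    awk '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/); next }
        in_main && /^[ \t]*exclude[ \t]*=/ {
            sub(/^[^=]*=/, "")      # drop the key, keep the pattern list
            gsub(/,/, " ")          # yum accepts commas or spaces
            print
        }
    ' "$1"
}

# uncovered_packages CONF PKG...
# Print each PKG that no [main] exclude glob matches (empty output = all pinned).
uncovered_packages() {
    conf=$1; shift
    patterns=$(main_excludes "$conf")
    for pkg in "$@"; do
        hit=no
        set -f                      # keep globs literal while word-splitting
        for pat in $patterns; do
            case $pkg in
                $pat) hit=yes ;;    # unquoted: matched as a glob, like yum does
            esac
        done
        set +f
        [ "$hit" = yes ] || printf '%s\n' "$pkg"
    done
}

# Run only when called with a config file and at least one package name.
if [ "$#" -ge 2 ]; then
    uncovered_packages "$@"
fi
```

Empty output means every listed package is covered by the exclusion; any name printed would still be updated by yum.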
Although the bug was first reported in Red Hat Enterprise Linux, related bug reports are also coming in from distributions in other families. Ubuntu and Debian users are reporting systems that cannot start after installing GRUB2 updates, and Canonical has issued a notice with instructions for recovering affected systems.
Although the effects of the GRUB2 error are similar, the scope can vary from distribution to distribution. So far, the Debian / Ubuntu GRUB2 error only affects systems that start in BIOS mode (not in UEFI mode). Ubuntu’s bug has already been fixed in the proposed repository, tested, and released to its updates repository. The updated and published packages, grub2 (2.02~beta2- and grub2 (2.04-1ubuntu26.2) focal, should solve the problem for Ubuntu users.
For Debian users, the fix is available in a newly committed package
We currently have no word on bugs or effects of GRUB2 BootHole patches on other distributions such as Arch, Gentoo or Clear Linux.