Sometimes the cure is really worse than the disease. The recently revealed Boothole security issue with GRUB2 and Secure Boot could theoretically be used to attack Linux systems. Virtually the only vulnerable Linux systems are those that an attacker has already successfully compromised. However, there was damage, and almost all of the company’s Linux distributors released patches. Unfortunately, at least one – Red Hat – failed the fix.
Many users report that by fixing Red Hat Enterprise Linux (RHEL) 8.2, it made their systems unusable. The issue also appears to affect RHEL 7.x and 8.x computers. However, it seems to be limited to servers running on bare iron. RHEL virtual machines (VMs) that are not associated with Secure Boot firmware work well.
RHEL is not the only Linux with this problem: CentOS 7.x and 8.x users also report problems. Boothole boot issues have repeatedly been reported with other versions of Linux.
Repairs are currently underway. Peter Allor, director of Red Hat̵7;s Product Safety Incident Response Team, told me:
Red Hat has been notified of a potential fix for CVE-2020-10713, also known as Bootjole, where some Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 systems may fail to restart after application repair requiring manual intervention to correct it. We are currently investigating this issue and will provide more information as soon as it becomes available. “
Other Red Hat employees say the fix will come soon. So if you haven’t fixed it yet, stick with it. If you have and have problems, help is on the way.