Free Software Foundation GNU Project's multiboot boot loader, GNU GRUB2, contains a vulnerability—CVE-2020-10713—that a local attacker could exploit to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT Coordination Center’s Vulnerability Note VU#174059 for mitigations and to refer to operating system vendors for appropriate patches, when available. CISA encourages administrators to test rigorously before applying patches as changes to the bootloader carry high operational risk.
Please share your thoughts.
We recently updated our anonymous product survey; we'd welcome your feedback.