CVE-2020-10713

Support for security such as Firewalls and securing linux
B3K
Posts: 1
Joined: 2020/07/29 21:58:55

CVE-2020-10713

Post by B3K » 2020/07/29 22:00:57

Any plans to release a fix for Boot Hole?

TrevorH
Site Admin
Posts: 33215
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2020-10713

Post by TrevorH » 2020/07/29 22:44:16

The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

dasergatskov
Posts: 2
Joined: 2020/07/30 15:05:53

Re: CVE-2020-10713

Post by dasergatskov » 2020/07/30 15:12:12

Not sure if today's (2020-07-30) kernel update addresses this issue, but it kills UEFI boot on my computer reliably.
I reinstalled and ran "dnf update" and on reboot it does not see my disk as bootable.
This is a Ryzen system and I do not use secure boot.

Sincerely,

Dmitri.
--

TrevorH
Site Admin
Posts: 33215
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2020-10713

Post by TrevorH » 2020/07/30 15:19:58

Yes. Personally I would hold off on trying to put these on as there are several reports of it killing machines.

See the thread in the CentOS 7 forums too: viewtopic.php?f=47&t=75195

Suranovi
Posts: 4
Joined: 2020/07/30 15:19:08

Re: CVE-2020-10713

Post by Suranovi » 2020/07/30 15:49:49

Hello,

I have the same problem here.

I have installed CentOS 8.2 on a headless PC I use as a multi-purpose server (nextcloud, dhcp, dns, etc...). It's based on a basic installation with no desktop environment. The system boots on UEFI and is installed on an NVME SSD.

This morning I saw that there was a kernel and grub2 update, so I updated it. Now I can't boot it anymore, I'm stuck at the BIOS screen, not even on a grub error.

I have tried to boot on my CentOS USB and reach my system via the troubleshooting option. I can get my system and browse it with a chroot.

However I can't restore it to a functional state. I have tried some tutorials on reinstalling grub2 without success because I have no network access.

Hope there'll be an offline patch to correct this.

dasergatskov
Posts: 2
Joined: 2020/07/30 15:05:53

Re: CVE-2020-10713

Post by dasergatskov » 2020/07/30 15:57:31

Here is how to repair it:
https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c7

Dmitri.
--

TrevorH
Site Admin
Posts: 33215
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2020-10713

Post by TrevorH » 2020/07/30 16:39:32

This is being tracked upstream on https://bugzilla.redhat.com/show_bug.cgi?id=1861977 (for CentOS 8).

I think it would be useful to gather some data about the exact types of machine that are being affected here. Makes? models? BIOS/UEFI versions? Secure Boot on or off? using UEFI or Legacy BIOS? How you applied the update? (I've seen one report that said the GUI software updater broke it and running yum from the command line after restoring back to the old versions worked).

There is a separate bz entry for the same problem on CentOS 7 and that's https://bugzilla.redhat.com/show_bug.cgi?id=1862045 which I'll also post on the CentOS 7 thread of a similar nature.
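The details requested in the post above (make, model, firmware version, UEFI or legacy boot, Secure Boot state), together with the shim/grub2 package versions and hashes of the loaders in /boot/efi/EFI/centos, can be gathered in one pass. This is an added example, not part of the thread or the linked bug reports; the function names and the optional root argument (for a rescue-mounted system such as /mnt/sysimage) are assumptions made here.

```shell
#!/bin/sh
# Added example: gather the boot facts requested in the thread.
# Optional $1 = root of a rescue-mounted system (e.g. /mnt/sysimage);
# empty means the running system. Function names are illustrative.

# efivarfs file for the UEFI SecureBoot variable (EFI global-variable GUID).
SB_VAR="sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# /sys/firmware/efi exists only when the current kernel was booted through UEFI.
boot_mode() {
    if [ -d "${1:-}/sys/firmware/efi" ]; then echo "UEFI"; else echo "Legacy BIOS"; fi
}

# The variable file holds 4 attribute bytes, then one data byte (1 = enabled).
secure_boot() (
    f="${1:-}/$SB_VAR"
    if [ -r "$f" ]; then
        v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')
    else
        v=""
    fi
    case "$v" in 1) echo "on" ;; 0) echo "off" ;; *) echo "unknown" ;; esac
)

# Make, model and firmware version come from the kernel's DMI export.
dmi_field() {
    if [ -r "${1:-}/sys/class/dmi/id/$2" ]; then
        cat "${1:-}/sys/class/dmi/id/$2"
    else
        echo "unknown"
    fi
}

# Hash the loaders in the ESP directory shown in the thread so that
# reports from working and failing machines can be compared.
esp_hashes() (
    cd "${1:-}/boot/efi/EFI/centos" 2>/dev/null || exit 0
    for f in *.efi; do
        if [ -f "$f" ]; then sha256sum "$f"; fi
    done
)

report() {
    echo "Make:        $(dmi_field "${1:-}" sys_vendor)"
    echo "Model:       $(dmi_field "${1:-}" product_name)"
    echo "Firmware:    $(dmi_field "${1:-}" bios_version)"
    echo "Boot mode:   $(boot_mode "${1:-}")"
    echo "Secure Boot: $(secure_boot "${1:-}")"
    if command -v rpm >/dev/null 2>&1; then
        rpm ${1:+--root "$1"} -q shim-x64 grub2-efi-x64 kernel 2>/dev/null || true
    fi
    esp_hashes "${1:-}"
}

report "${1:-}"
```

Run it as root so the ESP directory is readable; how the update was applied (GUI updater or command line) still has to be reported by hand.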

hackjoe
Posts: 3
Joined: 2006/03/29 21:07:41

Re: CVE-2020-10713

Post by hackjoe » 2020/07/30 18:23:05

All these are VMs with UEFI and Secure Boot disabled.

KVM: 2 test VMs just to catch this sort of thing running on my workstation, both updated and booted fine.

KVM: 2 VMs running on a production server, both updated and booted fine.

HyperV: 3 VMs on a failover cluster. These failed. Fix was to boot a rescue CD. chroot to /mnt/sysimage. Enable the network. SCP the older versions of shimx64.efi and shimx64-centos.efi to /boot/efi/EFI/centos. Reboots fine with the updated kernel. Does do a SELinux relabel with a reboot.

uname -r
4.18.0-193.14.2.el8_2.x86_64

ll /boot/efi/EFI/centos/
total 7792
-rwx------. 1 root root     134 Jul 28 12:26 BOOTX64.CSV
drwx------. 2 root root    8192 Jul 28 16:46 fonts
-rwx------. 1 root root    4992 Oct 23  2019 grub.cfg
-rwx------. 1 root root    1024 Jul 30 09:58 grubenv
-rwx------. 1 root root 1893144 Jul 28 16:46 grubx64.efi
-rwx------. 1 root root 1160144 Jul 28 12:26 mmx64.efi
-rwx------. 1 root root 1205152 Jul 30 09:54 shimx64-centos.efi
-rwx------. 1 root root 1205160 Jul 28 12:26 shimx64-centos.old
-rwx------. 1 root root 1211224 Jul 30 09:54 shimx64.efi
-rwx------. 1 root root 1244480 Jul 28 12:26 shimx64.old

The strange part is I did a fresh install on the HyperV cluster and that VM boots fine with the updated files. So not sure what breaks during an update because the files clearly seem to work on the cluster.

uname -r
4.18.0-193.14.2.el8_2.x86_64

ll /boot/efi/EFI/centos/
total 5424
-rwx------. 1 root root     134 Jul 28 12:26 BOOTX64.CSV
drwx------. 2 root root    8192 Jul 28 16:46 fonts
-rwx------. 1 root root    5892 Jul 30 08:27 grub.cfg
-rwx------. 1 root root    1024 Jul 30 08:27 grubenv
-rwx------. 1 root root 1893144 Jul 28 16:46 grubx64.efi
-rwx------. 1 root root 1160144 Jul 28 12:26 mmx64.efi
-rwx------. 1 root root 1205160 Jul 28 12:26 shimx64-centos.efi
-rwx------. 1 root root 1244480 Jul 28 12:26 shimx64.efi

Anthorg
Posts: 2
Joined: 2020/07/30 18:17:26

Re: CVE-2020-10713

Post by Anthorg » 2020/07/30 18:25:10

dasergatskov wrote:
2020/07/30 15:57:31
Here is how to repair it:
https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c7

Dmitri.
--

Hello, I'm new here. I am posting because I need help applying this fix. I have a lot of work that is now locked in an unbootable laptop. If anyone could provide a step-by-step for a layman, it would be greatly appreciated.

If it's helpful in any way, the computer is a Samsung NP270E5J-XD2BR. Update that triggered the problem was performed via the "there's an update" notification pop-up.

Thank you for your help.

TrevorH
Site Admin
Posts: 33215
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2020-10713

Post by TrevorH » 2020/07/30 18:38:16

Read the linked Bugzilla entries; at least one of them has instructions on how to boot from the DVD and fix this by backing things out.
