CVE-2020-10713

[TrevorH]

What should I do? It took like 10 years of my like to configure this centOS 8 and now this problem.

Read this thread, read the linked bugzilla entries, revert the updates.

[jepachecoh]

I can confirm this issue and found something I think is kind of odd.

Updated three of my servers to Linux 4.18.0-193.14.2.el8_2.x86_64 on x86_64 and two never boot up again.

Bricked servers had SSD disks installed the only server running on a non-SSD disk is happy and snappy.

I have been trying to boot using a previous kernel with no luck...

[warron.french]

Reading through the steps from the link you provided TrevorH (https://bugzilla.redhat.com/show_bug.cgi?id=1861977#c16) I can get the machine to boot into a chroot'd jail (!yay! with a little sarcasm); however, I cannot configure the wireless network interface to get an Wireless connection and IP address.

Does anyone have the appropriate steps determined and ready to share to backout the packages most recently updated? This is a nightmare.

Hi,

I'm kind of stuck too. The instructions given in bugzilla are not enough to restore my Centos to a functionning state too as TrevorH suggested.

After a chroot, i can't use grub2-mkconfig because my /dev contains only /dev/null. The only way to access something is to "mount --bind /dev /mnt/sysimage/dev" before going inside the chroot /mnt/sysimage.

But even after that, i can make a grub.cfg but the whole directory structure of my grub seems off. There is nothing inside my /boot/efi/, i had to mkdir EFI and EFI/centos inside my /boot/efi/. This feels like this problem can't be solved in a clean way easily.

No post in the bugzilla talks about that.

@warron.french: if, as your name suggest, you're french, you can pm me, i'm french too, maybe we can help each other.

@Suranovi, I totally get why you would think I am French; however, I am not, I am actually American. But I do read/write/speak French, just not on a business level, more like an idiot on vacation that can request a beer.

Garçon, un bière, s'il vous plait.

But I am always willing to improve my language skills, considering I also speak other languages.

[warron.french]

This bug is from RHEL, not CentOS.

I understand, but doesn't anyone test these patches before releasing critical failures such as this?

[warron.french]

I experienced precisely the same errors that neige did.

I am glad you were able to copy/paste that data into the forum Neige.

[waffle]

I tried the yum downgrade approach, but that failed with messages the the minimum version was already installed. To get around that, I fetched the previous versions manually from http://mirror.centos.org/centos-8/8.2.2 ... /Packages/ and specified all of those manually.

Code: Select all

yum downgrade \
    grub2-common-2.02-81.el8.noarch.rpm \
    grub2-efi-x64-2.02-81.el8.x86_64.rpm \
    grub2-pc-2.02-81.el8.x86_64.rpm \
    grub2-pc-modules-2.02-81.el8.noarch.rpm \
    grub2-tools-2.02-81.el8.x86_64.rpm \
    grub2-tools-efi-2.02-81.el8.x86_64.rpm \
    grub2-tools-extra-2.02-81.el8.x86_64.rpm \
    grub2-tools-minimal-2.02-81.el8.x86_64.rpm \
    shim-x64-15-11.el8.x86_64.rpm

Having done that, I was able to reboot, go through the selinux relable, and reboot again normally.

[sneh3127]

My CentOS System had vmlinuz-4.18.0-193.6.3.el8_2.x86_64 kernel and was working perfectly fine until I ran dnf update and updated to vmlinuz-4.18.0-193.14.2.el8_2.x86_64. During updating process there was an error message like error: lsetfilecon: (/boot/efi/EFI/centos, system_u:object_r:boot_t:s0) Operation not supported

Now the system is not booting and while booting it is showing an error that Failed to Start Switch Root.
I would appreciate it for helping me.

[warron.french]

sneh3127,
you have to find a way to reboot with an ISO and enter Troubleshooting Mode.

Then when in Troubleshooting method you are expected to yum undo/yum erase the last set of packages you installed.

Maybe someone else can verify, but I believe you require networking to perform the yum commands to reverse the state of the baseline of your machine.

The problem I have experienced is I cannot get networking to work in Troubleshooting Mode under the chroot jail.

[Nacho]

My genius brother helped me activate network outside of chroot:

Code: Select all

 ip addr add <pick an IP-address, in my case 192.168.178.51/24> dev <name of your network controller, in my case eno2>
 ip link set dev <name of your network controller> up
 route add -net 0.0.0.0/0 gw <IP-address of your router>
 

However I still didn't get to recover GRUB2
I hope that helps!

[Nacho]

I tried this, but it tells me

Code: Select all

Can not load RPM file: (...)
Error: No packages marked for downgrade.

I tried the yum downgrade approach, but that failed with messages the the minimum version was already installed. To get around that, I fetched the previous versions manually from http://mirror.centos.org/centos-8/8.2.2 ... /Packages/ and specified all of those manually.

Code: Select all

yum downgrade \
    grub2-common-2.02-81.el8.noarch.rpm \
    grub2-efi-x64-2.02-81.el8.x86_64.rpm \
    grub2-pc-2.02-81.el8.x86_64.rpm \
    grub2-pc-modules-2.02-81.el8.noarch.rpm \
    grub2-tools-2.02-81.el8.x86_64.rpm \
    grub2-tools-efi-2.02-81.el8.x86_64.rpm \
    grub2-tools-extra-2.02-81.el8.x86_64.rpm \
    grub2-tools-minimal-2.02-81.el8.x86_64.rpm \
    shim-x64-15-11.el8.x86_64.rpm

Having done that, I was able to reboot, go through the selinux relable, and reboot again normally.