BD is aware of and currently monitoring a third-party vulnerability that impacts GRUB2 bootloader, a component that controls which operating system is booted on a system. This third-party vulnerability was recently discovered by a security vendor and is not specific to BD or our products. Additionally, we have not received any reports regarding this vulnerability being exploited on BD products.
CVE-2020-10713, which is referred to as “Boot Hole,” is a buffer overflow vulnerability that exists in the way GRUB2 parses the grub.cfg configuration file. This vulnerability impacts all versions of GRUB and systems using Secure Boot with the standard Microsoft UEFI Certificate Authority. If successfully exploited, an unauthorized user could potentially bypass the Secure Boot signature verification and execute arbitrary code during the boot process. To exploit this vulnerability, a threat actor would need physical access to the system and user privileges to execute this attack.
BD has not identified any products in scope of this third-party vulnerability however, we are continually evaluating all BD products for this third-party vulnerability. If any products are identified in scope, BD will provide an update within this notification.