117 patches required to fix vulnerabilities in the GRUB2 boot loader
GRUB, the world's most popular boot loader for Linux operating systems, contains multiple vulnerabilities that experts have rated as high severity. The developers have released 117 patches to fix all the flaws.
The security issue is rooted in a vulnerability known as BootHole. Using BootHole, attackers can bypass the Secure Boot feature and gain privileges on an attacked system.
As a result, the developers released a total of 117 patches that fix the eight vulnerabilities listed below:
CVE-2020-14372 (score 7.5, high severity) - incomplete list of disallowed inputs;
CVE-2020-25632 (score 7.5, high severity) - use-after-free;
CVE-2020-25647 (score 6.9, medium severity) - out-of-bounds write;
CVE-2020-27749 (score 7.5, high severity) - buffer overflow;
CVE-2020-27779 (score 7.5, high severity) - improper authorization;
CVE-2021-3418 (score 6.4, medium severity) - improper preservation of permissions;
CVE-2021-20225 (score 7.5, high severity) - out-of-bounds write;
CVE-2021-20233 (score 7.5, high severity) - out-of-bounds write.
Source: anti-malware.ru
04 March 2021