Vulnerability Watch

Forum Discussion

snarang
Product Team
5 years ago

Buffer Overflow Vulnerability in GRUB2 Bootloader Disclosed (CVE-2020-10713)

Researchers at Eclypsium disclosed a buffer overflow vulnerability in the GRand Unified Bootloader version 2 (GRUB2) on July 29. Identified as CVE-2020-10713, the researchers credited with its discovery call it “BootHole,” because it is a “hole” (or flaw) in a system’s “boot” process. Exploitation is not straightforward, as there are some prerequisites needed to exploit it. This follows 2013 research into a Secure Boot bypass from the same researchers. Because the flaw resides in GRUB2, a number of vendors are affected including Microsoft, Red Hat, Debian and more.

For more information about the vulnerability, including the list of affected vendors, availability of patches and Tenable product coverage, please visit our blog.
