A vulnerability has been discovered in the GRUB2 boot loader that affects versions dating back to 2009. GRUB2 is the default boot loader for a variety of popular Linux distributions including Ubuntu, Red Hat and Debian. The vulnerability can be exploited by pressing the backspace button 28 times when the boot loader asks for your username. This sequence of keys places the user into a “rescue shell”. An attacker could leverage this shell to access confidential data or install persistent malware.
It’s worth noting that the vulnerability requires access to the system’s console. Even if your organization has proper physical security controls in place, this issue should still be addressed as soon as possible. Ubuntu, RedHat and Debian have already released patches for this vulnerability.