GRUB2 Bootloader Vulnerability Affects Millions of Devices
A vulnerability in the GRUB2 (Grand Unified Bootloader version 2) bootloader could be exploited to run malicious firmware during startup. The issue affects most Linux devices and Windows devices that use Secure Boot. Researchers at Eclypsium discovered the issue and disclosed it to parties "including OS vendors, computer manufacturers, and CERTs" prior to public disclosure. Linux distributions have begun making fixes available, although not without hiccups: Red Hat's fix for the BootHole vulnerability is reportedly causing problems for some users; when the patch is installed, their systems will not boot.
This is an important vulnerability. Important, but not critical. Wait for your Linux distribution to address this. To exploit this issue, an attacker has to have root access on the system. It could provide a method for an attacker to retain more persistent access to a system. One more reason to "wipe and rebuild" vs. "clean" malware from affected systems. (And don't forget to wipe/reinstall grub as well.)
The GRUB2 bootloader is used with more than just Linux distributions, which may be somewhat unexpected to learn, and the exploit can be used to write code into the UEFI firmware, which may then require a factory reset to recover. Make sure you know how to do that reset. Due to side effects of the patch, test on representative devices before wide deployment.
Read more in
Bleeping Computer: BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows