This one looks pretty interesting:
Not necessarily interesting in the security hole, but in this:
That's going to streamline things - and hopefully not end up being a bad idea overall. It does mean that if one is vulnerable (in the future) then they're all vulnerable - but it also means that it's just one fix to resolve all of them.
GRUB2 SecureBoot Bypass 2021 and One Grub
There is a new set of Grub2 vulnerabilities that are going public today. The wiki page above explains them in detail. These updates will be released for the SecureBoot platforms that are signed by Canonical only. Which today are X64 and AA64 in UEFI terms (aka amd64/x86_64, and arm64/AAarch64)...
discourse.ubuntu.com
Not necessarily interesting in the security hole, but in this:
To ensure a unified approach, the version of GRUB2 for UEFI systems used in older Ubuntu releases is updated so that a single GRUB2 version can be used for all – this ensures that both the latest security fixes and mitigation features can be more easily adopted in these older releases.
That's going to streamline things - and hopefully not end up being a bad idea overall. It does mean that if one is vulnerable (in the future) then they're all vulnerable - but it also means that it's just one fix to resolve all of them.