The BootHole bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT, IoT and home networks. No simple patch or firmware update can fix the issue, according to Eclypsium researchers. The bug carries a high-severity CVSS rating of 8.2 (Red Hat deems it moderate in severity, and Microsoft characterizes it as important). The bug is a buffer overflow vulnerability in the way that GRUB2 parses content from the GRUB2 config file (grub.cfg).
Source: https://threatpost.com/billions-of-devices-impacted-secure-boot-bypass/157843/