Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

The maintainers of shim have released version 15.8 to fix six security problems, one of which is a significant bug that, under certain circumstances, might allow remote code execution.

Tracked as CVE-2023-40547 (CVSS score: 9.8), the flaw may be used to circumvent Secure Boot. The problem was found and reported by Bill Demirkapi of the Microsoft Security Response Center (MSRC).

All of the major Linux distributions that utilize shim, including Red Hat, Ubuntu, Debian, and SUSE, have issued advisories regarding the security vulnerability.

Oracle’s Alan Coopersmith wrote on the Open Source Security mailing list oss-security that “the shim’s http boot support (httpboot.c) trusts attacker-controlled values when parsing an HTTP response
