Shim is a small first-stage UEFI bootloader used by Linux distributions and other third parties to verify and launch the next-stage bootloader (typically GRUB2) under Secure Boot. It was written specifically to sidestep licensing problems: a small, separately licensed binary can be submitted for Microsoft UEFI CA signing in place of the GPL-licensed GRUB2.
Shim has therefore become a critical piece of software for Secure Boot support on many Linux distributions. A newly disclosed out-of-bounds write in its HTTP boot handling, where shim trusts attacker-controlled values while parsing an HTTP response, could allow a threat actor to take complete control of a victim machine before the operating system even loads. The vulnerability has been assigned CVE-2023-40547 and rated 9.8 (Critical). It is reachable from the network when a machine fetches its boot files over HTTP (for example by a man-in-the-middle serving a malicious response), so sites that network-boot with shim should treat updating, and refreshing their Secure Boot revocation lists, as urgent.
https://cybersecuritynews.com/linux-shi ... ader-flaw/
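To make the bug class concrete, here is a constructed C illustration of an out-of-bounds write in HTTP body handling: the receive buffer is sized from the Content-Length header, but the copy loop trusts the peer to send exactly that many bytes. This is added example code, not shim's source and not the fix for CVE-2023-40547; the struct, function names and the four-byte canary (standing in for whatever heap object sits after the buffer) are all hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed illustration of the bug class; not shim's code. */

#define CANARY_LEN 4
static const uint8_t CANARY[CANARY_LEN] = {0xDE, 0xAD, 0xBE, 0xEF};

struct http_recv {
    size_t   capacity;  /* buffer size chosen from the Content-Length header */
    size_t   received;  /* body bytes written so far */
    uint8_t *body;      /* capacity bytes, followed by a canary that stands in
                           for the neighbouring heap object */
};

struct outcome {
    int rc;             /* 0 = all chunks accepted, -1 = a chunk was rejected */
    int canary_intact;  /* 1 if memory past the buffer survived, 0 if clobbered */
};

static int http_recv_init(struct http_recv *r, size_t content_length)
{
    r->body = malloc(content_length + CANARY_LEN);
    if (!r->body) return -1;
    r->capacity = content_length;
    r->received = 0;
    memcpy(r->body + content_length, CANARY, CANARY_LEN);
    return 0;
}

static int http_recv_canary_intact(const struct http_recv *r)
{
    return memcmp(r->body + r->capacity, CANARY, CANARY_LEN) == 0;
}

/* Vulnerable pattern: copy each chunk at the cursor, assuming the peer sends
 * exactly Content-Length bytes. A longer body writes past the buffer. */
static void append_chunk_unchecked(struct http_recv *r, const uint8_t *chunk, size_t len)
{
    memcpy(r->body + r->received, chunk, len);
    r->received += len;
}

/* Hardened: compare against the remaining space (subtraction, so
 * received + len cannot wrap) and refuse anything beyond the announced length. */
static int append_chunk_checked(struct http_recv *r, const uint8_t *chunk, size_t len)
{
    if (len > r->capacity - r->received)
        return -1;
    memcpy(r->body + r->received, chunk, len);
    r->received += len;
    return 0;
}

/* Constructed response: Content-Length says 8, but 12 body bytes arrive in
 * two chunks. Runs them through the unchecked or the checked path. */
static struct outcome run_oversized_response(int use_check)
{
    static const uint8_t chunk1[] = "ABCD";      /* 4 bytes (trailing NUL unused) */
    static const uint8_t chunk2[] = "EFGHIJKL";  /* 8 bytes: 4 more than remain */
    struct http_recv r;
    struct outcome out = {0, 0};

    if (http_recv_init(&r, 8) != 0) { out.rc = -2; return out; }

    if (use_check) {
        if (append_chunk_checked(&r, chunk1, 4) != 0 ||
            append_chunk_checked(&r, chunk2, 8) != 0)
            out.rc = -1;
    } else {
        append_chunk_unchecked(&r, chunk1, 4);
        append_chunk_unchecked(&r, chunk2, 8);   /* writes 4 bytes past capacity */
    }

    out.canary_intact = http_recv_canary_intact(&r);
    free(r.body);
    return out;
}

/* Well-formed response: exactly Content-Length bytes arrive; checked path accepts it. */
static struct outcome run_exact_response(void)
{
    static const uint8_t chunk[] = "ABCDEFGH";
    struct http_recv r;
    struct outcome out = {0, 0};

    if (http_recv_init(&r, 8) != 0) { out.rc = -2; return out; }
    out.rc = append_chunk_checked(&r, chunk, 8);
    out.canary_intact = http_recv_canary_intact(&r);
    free(r.body);
    return out;
}

int main(void)
{
    struct outcome o = run_oversized_response(0);
    printf("unchecked: rc=%d canary %s\n", o.rc, o.canary_intact ? "intact" : "CLOBBERED");
    o = run_oversized_response(1);
    printf("checked:   rc=%d canary %s\n", o.rc, o.canary_intact ? "intact" : "CLOBBERED");
    return 0;
}
```

The unchecked path happily reports success while the bytes after the buffer are overwritten; the checked path rejects the second chunk and leaves them untouched. In a real boot path the overwritten neighbour would be heap metadata or another allocation in firmware memory, which is what turns a malformed HTTP response into pre-OS code execution.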