Linux Shim Bootloader Flaw Exposes Most Linux Distros to Code Execution Attacks
Posted: Wed Dec 18, 2024 11:51 am
Shim is a small application used by open-source projects and other third parties for verifying and running the bootloader (typically GRUB2). The application was developed specifically to circumvent legal issues arising from license compatibility.
Shim has become a critical piece of software for many Linux distributions to support secure boot. However, a new vulnerability has been discovered in it: an out-of-bounds write in HTTP protocol handling that could allow a threat actor to compromise a victim machine completely. This vulnerability has been assigned CVE-2023-40547, with a severity of 9.8 (Critical).
https://cybersecuritynews.com/linux-shi ... ader-flaw/