Linux developers have addressed a new security flaw discovered in Shim, a component crucial for the boot process in Linux-based systems.
The vulnerability allows a Secure Boot bypass: malware installed this way operates at the firmware level, which makes it difficult to detect and remove.
Tracked as CVE-2023-40547, the flaw is rated CVSS “9.8 Critical” by NIST and “8.3 High” by Red Hat.
Shim functions as a critical element in the early boot phase before the operating system initializes and has been found vulnerable to remote code execution. The flaw arises from the component’s trust in attacker-controlled values during HTTP response parsing.
This weakness enables threat actors to craft malicious HTTP requests, ultimately leading to a complete system compromise through controlled out-of-bounds write operations. Notably, exploiting the vulnerability requires either a Man-in-the-Middle position or a compromised boot server, which limits the set of attackers who can use it.
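The class of bug described above can be avoided by checking every copy against the buffer that was actually allocated. The sketch below is an added example, not Shim's code or its patch. It assumes the attacker-controlled value is a server-declared body length (the article does not name the field); `MAX_BODY`, `struct body` and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY (64u * 1024u * 1024u)   /* assumed upper bound for a boot image */
enum { BODY_OK = 0, ERR_INVALID = -1, ERR_TOO_BIG = -2, ERR_NOMEM = -3, ERR_OVERRUN = -4 };

struct body { uint8_t *buf; size_t declared, received; };

/* Strict parse of the server-declared length: digits only, capped. */
int parse_declared_len(const char *s, size_t *out)
{
    size_t v = 0;
    if (*s == '\0') return ERR_INVALID;
    for (; *s; s++) {
        if (*s < '0' || *s > '9') return ERR_INVALID;
        v = v * 10 + (size_t)(*s - '0');
        if (v > MAX_BODY) return ERR_TOO_BIG;   /* the cap also prevents wraparound */
    }
    *out = v;
    return BODY_OK;
}

int body_init(struct body *b, const char *declared_len)
{
    int rc = parse_declared_len(declared_len, &b->declared);
    if (rc != BODY_OK) return rc;
    b->received = 0;
    b->buf = malloc(b->declared ? b->declared : 1);
    return b->buf ? BODY_OK : ERR_NOMEM;
}

/* The chunk size is what actually arrived, not what the header promised,
 * so it is checked against the space left before any byte is copied. */
int body_append(struct body *b, const uint8_t *chunk, size_t n)
{
    if (n > b->declared - b->received) return ERR_OVERRUN;
    memcpy(b->buf + b->received, chunk, n);
    b->received += n;
    return BODY_OK;
}

int main(void)
{
    struct body b;
    const uint8_t chunk[12] = "constructed";    /* constructed sample data */
    if (body_init(&b, "16") != BODY_OK) return 1;
    printf("first chunk:  %d\n", body_append(&b, chunk, sizeof chunk));
    printf("second chunk: %d\n", body_append(&b, chunk, sizeof chunk));
    free(b.buf);
    return 0;
}
```

The second chunk is refused because only 4 of the 16 declared bytes remain; without the check in `body_append`, those extra bytes would be written past the end of the allocation.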