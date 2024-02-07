A critical vulnerability in Shim, a crucial component used by most Linux distributions during the boot process to support secure boot, has been identified. Tracked as CVE-2023-40547, the flaw allows a network attacker to bypass secure boot and take control of a vulnerable Linux system. This vulnerability arises from Shim’s HTTP protocol handling, leading to an out-of-bounds write that could be exploited for remote code execution. Red Hat assesses the bug as ‘high severity,’ while the NIST advisory assigns it a CVSS score of 9.8. Attackers could intercept HTTP traffic to deliver malicious requests or manipulate PXE to load a vulnerable Shim bootloader, gaining privileged access to the system before the kernel is loaded. Resolving the vulnerability requires updating Shim to a patched version and refreshing the UEFI Secure Boot DBX revocation list. Additionally, five other high- and medium-severity vulnerabilities in Shim have been disclosed, posing risks such as crashes, denial-of-service, or data leakage during system boot.

