Linux Devs Rush to Patch Critical Vulnerability in Shim
Linux developers have addressed a new security flaw discovered in Shim, a component crucial for the boot process in Linux-based systems.
This vulnerability poses a significant risk because it allows the installation of malware that operates at the firmware level (a Secure Boot bypass), where it is difficult to detect and remove.
Tracked as CVE-2023-40547, the flaw carries a CVSS score of 9.8 (Critical) from NIST and 8.3 (High) from Red Hat, indicating its severity.
“There is a difference in how NVD and vendors evaluate the sensitivity of the vulnerability. Red Hat, for instance, argues in their CVSSv3 score that the attack is high complexity and through an adjacent network vector,” explained Balazs Greksza, threat response lead at Ontinue.
“NVD thinks it’s low complexity and through a direct network. The servers actually exploitable through CVE-2023-40547 need to be configured to use HTTPBoot. The attacker must know which HTTP Server is used to serve the malicious firmware for using HTTPBoot.”
Shim is a critical element of the early boot phase, running before the operating system initializes, and it has been found vulnerable to remote code execution. The flaw arises from the component trusting attacker-controlled values while parsing HTTP responses.
This weakness enables threat actors to craft malicious HTTP requests that lead to a complete system compromise through a controlled out-of-bounds write. Notably, exploiting the vulnerability requires either a man-in-the-middle position or compromise of the boot server, which limits the set of attackers who can reach it.
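The bug class described above, a boot-time HTTP parser that lets a length field taken from the response decide how many bytes are written into a fixed-size buffer, is easiest to reason about next to the defensive pattern that prevents it. The following C example is added here as an illustration and is not Shim's code; the function names, the destination buffer size and the sample HTTP responses are all constructed for the example. It validates a Content-Length header against both the destination capacity and the number of bytes actually received before any copy takes place, and returns a distinct status for each way the input can be rejected.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Status codes for the hardened body copy (constructed for this example). */
enum parse_status {
    PARSE_OK = 0,
    PARSE_NO_HEADER_END,      /* no CRLFCRLF terminating the header block */
    PARSE_NO_CONTENT_LENGTH,  /* header block carries no Content-Length */
    PARSE_BAD_LENGTH,         /* non-numeric, empty or overflowing length */
    PARSE_TOO_LARGE,          /* declared length exceeds destination capacity */
    PARSE_TRUNCATED           /* fewer body bytes received than declared */
};

/* Locate the value of the Content-Length header inside the header block only.
 * Returns a pointer to the first character after the optional whitespace,
 * or NULL when the header is absent. */
static const char *find_content_length(const char *hdr, size_t hdr_len) {
    static const char key[] = "content-length:";
    const size_t klen = sizeof(key) - 1;
    for (size_t i = 0; i + klen <= hdr_len; i++) {
        if (strncasecmp(hdr + i, key, klen) == 0) {
            const char *p = hdr + i + klen;
            while (p < hdr + hdr_len && (*p == ' ' || *p == '\t')) p++;
            return p;
        }
    }
    return NULL;
}

/* Parse an unsigned decimal in [p, end) without overflow. Rejects an empty
 * digit run and any trailing character other than the line terminator. */
static int parse_decimal(const char *p, const char *end, size_t *out) {
    size_t v = 0;
    int ndigits = 0;
    while (p < end && *p >= '0' && *p <= '9') {
        unsigned d = (unsigned)(*p - '0');
        if (v > (SIZE_MAX - d) / 10) return 0;   /* v * 10 + d would overflow */
        v = v * 10 + d;
        p++;
        ndigits++;
    }
    if (ndigits == 0) return 0;
    if (p < end && *p != '\r' && *p != '\n') return 0;
    *out = v;
    return 1;
}

/* Copy the body of a raw HTTP response into dst (capacity dst_cap).
 * The untrusted Content-Length is checked against the destination capacity
 * and against the bytes actually present before memcpy runs, so the value
 * from the network can never drive a write past the end of dst. */
enum parse_status copy_http_body(const uint8_t *resp, size_t resp_len,
                                 uint8_t *dst, size_t dst_cap, size_t *copied) {
    const char *r = (const char *)resp;
    const char *hdr_end = NULL;
    for (size_t i = 0; i + 4 <= resp_len; i++) {
        if (memcmp(r + i, "\r\n\r\n", 4) == 0) { hdr_end = r + i; break; }
    }
    if (!hdr_end) return PARSE_NO_HEADER_END;

    size_t hdr_len = (size_t)(hdr_end - r);
    const char *cl = find_content_length(r, hdr_len);
    if (!cl) return PARSE_NO_CONTENT_LENGTH;

    size_t declared;
    if (!parse_decimal(cl, r + hdr_len, &declared)) return PARSE_BAD_LENGTH;
    if (declared > dst_cap) return PARSE_TOO_LARGE;      /* the key bounds check */

    size_t body_off = hdr_len + 4;
    size_t available = resp_len - body_off;
    if (declared > available) return PARSE_TRUNCATED;   /* never read past input */

    memcpy(dst, resp + body_off, declared);
    *copied = declared;
    return PARSE_OK;
}

int main(void) {
    /* Constructed sample response; a real boot image would be far larger. */
    const char *resp = "HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello";
    uint8_t buf[64];
    size_t n = 0;
    enum parse_status st = copy_http_body((const uint8_t *)resp, strlen(resp),
                                          buf, sizeof buf, &n);
    printf("status=%d copied=%zu\n", (int)st, n);
    return st == PARSE_OK ? 0 : 1;
}
```

The point of the example is the order of operations: the declared length is validated against the destination capacity and against the received byte count before it is used, and each rejection is distinguishable so a caller can log why a boot image was refused rather than silently trusting the server.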
“The bar to leverage this is high,” commented Lionel Litty, chief security architect at Menlo Security. “What stands out here is that this is a particularly insidious one [vulnerability] that goes to the core of the startup sequence, right after the firmware is loaded. If you use network boot or if you operate in a high-security environment that leverages secure boot to measure your devices, you should be paying attention.”
The urgency of this critical issue prompted the maintainers to release Shim version 15.8. The update patches the vulnerability described above and also addresses five additional security flaws.
The bug discovery and reporting have been credited to Bill Demirkapi from the Microsoft Security Response Center (MSRC).