Critical flaw in Shim bootloader impacts major Linux distros

February 7, 2024 at 10:57AM

A critical vulnerability in the Shim Linux bootloader allows attackers to execute code and take control of a system before the kernel loads, bypassing existing security measures. The flaw, known as CVE-2023-40547, was identified by Microsoft’s Bill Demirkapi. It can be exploited through various attack points and affects Linux distributions utilizing Shim. Various fixes and updates are available to address this security issue.

The report describes a critical vulnerability, tracked as CVE-2023-40547, in the Shim Linux bootloader. The flaw, discovered by Microsoft security researcher Bill Demirkapi, allows attackers to execute code and take control of a system before the kernel is loaded, bypassing important security mechanisms.

The vulnerability resides in Shim’s parsing of HTTP responses: an attacker can send specially crafted HTTP requests that cause an out-of-bounds write. As a result, the attacker can compromise a system by executing privileged code before the operating system loads, effectively bypassing the security mechanisms implemented by the kernel and the OS.
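The defect class described above is a missing bounds check on a length value taken from untrusted HTTP data. The C program below is an added illustrative example, not Shim’s actual code: it shows the defensive pattern of validating a Content-Length value against the real size of the destination buffer, and against the number of bytes actually received, before any copy is made. The function names, the BODY_MAX buffer size and the sample responses are all constructed for this demo.

```c
/* Illustrative example (not Shim's code): bounded handling of a
 * Content-Length value from an untrusted HTTP response. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define BODY_MAX 64    /* fixed-size destination buffer, assumed for the demo */

enum parse_status {
    PARSE_OK = 0,
    PARSE_NO_LENGTH = 1,   /* no Content-Length header present */
    PARSE_BAD_LENGTH = 2,  /* header value is not a plain decimal number */
    PARSE_TOO_LARGE = 3,   /* declared length exceeds the destination buffer */
    PARSE_TRUNCATED = 4    /* declared length exceeds the bytes actually received */
};

/* Return a pointer to the value of header `name`, or NULL if absent.
 * Scans only the header block (stops at the blank line). */
static const char *find_header(const char *resp, const char *name) {
    const char *p = resp;
    size_t nlen = strlen(name);
    while ((p = strstr(p, "\r\n")) != NULL) {
        p += 2;
        if (strncasecmp(p, name, nlen) == 0 && p[nlen] == ':')
            return p + nlen + 1;
        if (p[0] == '\r' && p[1] == '\n')
            break;  /* end of headers reached */
    }
    return NULL;
}

/* Copy the body of a NUL-terminated response of resp_len bytes into dst.
 * Every check happens before memcpy: the declared length must fit the
 * destination AND must not exceed what was actually received. */
int parse_body(const char *resp, size_t resp_len,
               unsigned char *dst, size_t dst_size, size_t *out_len) {
    const char *cl = find_header(resp, "Content-Length");
    if (cl == NULL)
        return PARSE_NO_LENGTH;
    while (*cl == ' ' || *cl == '\t')
        cl++;
    if (!isdigit((unsigned char)*cl))
        return PARSE_BAD_LENGTH;      /* rejects signs and garbage */
    errno = 0;
    char *end;
    unsigned long long declared = strtoull(cl, &end, 10);
    if (errno == ERANGE || (*end != '\r' && *end != '\n'))
        return PARSE_BAD_LENGTH;
    /* `declared` is attacker-controlled: bound it by the real buffer size. */
    if (declared > dst_size)
        return PARSE_TOO_LARGE;
    const char *body = strstr(resp, "\r\n\r\n");
    if (body == NULL)
        return PARSE_TRUNCATED;
    body += 4;
    size_t avail = resp_len - (size_t)(body - resp);
    if (declared > avail)
        return PARSE_TRUNCATED;       /* header promises more than arrived */
    memcpy(dst, body, (size_t)declared);
    *out_len = (size_t)declared;
    return PARSE_OK;
}

/* Constructed sample responses for the demo. */
static const char GOOD_RESP[] =
    "HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
    "Content-Length: 5\r\n\r\nhello";
static const char OVERSIZED_RESP[] =
    "HTTP/1.1 200 OK\r\nContent-Length: 4294967295\r\n\r\nhello";
static const char LYING_RESP[] =
    "HTTP/1.1 200 OK\r\nContent-Length: 40\r\n\r\nhello";

/* Small wrappers so results can be checked as plain return values. */
int demo_status(const char *resp) {
    unsigned char buf[BODY_MAX];
    size_t n = 0;
    return parse_body(resp, strlen(resp), buf, sizeof buf, &n);
}

long demo_len(const char *resp) {
    unsigned char buf[BODY_MAX];
    size_t n = 0;
    if (parse_body(resp, strlen(resp), buf, sizeof buf, &n) != PARSE_OK)
        return -1;
    return (long)n;
}

int main(void) {
    printf("good: status=%d len=%ld\n", demo_status(GOOD_RESP), demo_len(GOOD_RESP));
    printf("oversized: status=%d\n", demo_status(OVERSIZED_RESP));
    printf("lying: status=%d\n", demo_status(LYING_RESP));
    return 0;
}
```

The two rejections are the point: a length larger than the buffer is refused before any write, and a length larger than the data actually received is refused rather than reading past the end of the input. Both checks use the real sizes known to the code, never the value the peer supplied.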

The report also outlines the impact and the fixes. Red Hat issued a code commit to fix CVE-2023-40547 on December 5, 2023, and Linux distributions that support Secure Boot and use Shim need to push their own patches. Linux users are advised to update to the latest version of Shim, v15.8, which contains a fix for CVE-2023-40547 and five other important vulnerabilities. Additionally, Linux users must update the UEFI Secure Boot DBX (revocation list) to include the hashes of the vulnerable Shim software and sign the patched version with a valid Microsoft key.

It’s important for Linux users to follow these steps to ensure their systems are secure. Finally, it’s noted that although unlikely to be mass-exploited, CVE-2023-40547 is a serious bug that should not be ignored, given the potential for executing code before the OS boots.