device-security-vulnerability2.41 min read "Shim Bootloader Vulnerability Exposes Linux Secure Boot"
A critical vulnerability (CVE-2023-40547) in the shim bootloader used by nearly all Linux distributions could allow for remote code execution and Secure Boot bypass. This flaw, discovered by Bill Demirkapi, could be exploited to achieve a Man-in-the-Middle attack and compromise the system before the kernel is loaded. Five other vulnerabilities were also fixed in shim version 15.8, including out-of-bounds reads and buffer overflows. Firmware security firm Eclypsium warned that exploiting this vulnerability grants the attacker privileged access and the ability to circumvent kernel and operating system controls.
2 years ago•Source: The Hacker News