Tag

Device Security Vulnerability

All articles tagged with #device security vulnerability

"Shim Bootloader Vulnerability Exposes Linux Secure Boot"
device-security-vulnerability2 years ago

"Shim Bootloader Vulnerability Exposes Linux Secure Boot"

A critical vulnerability (CVE-2023-40547) in the shim bootloader used by nearly all Linux distributions could allow for remote code execution and Secure Boot bypass. This flaw, discovered by Bill Demirkapi, could be exploited to achieve a Man-in-the-Middle attack and compromise the system before the kernel is loaded. Five other vulnerabilities were also fixed in shim version 15.8, including out-of-bounds reads and buffer overflows. Firmware security firm Eclypsium warned that exploiting this vulnerability grants the attacker privileged access and the ability to circumvent kernel and operating system controls.