Critical flaw in Shim bootloader impacts major Linux distros
A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms.
Shim is a small open-source bootloader maintained by Red Hat that is designed to facilitate the Secure Boot process on computers using Unified Extensible Firmware Interface.
Shim was created out of necessity to allow open-source projects such as Linux distributions to benefit from Secure Boot's advantages, such as preventing unauthorized or malicious code execution during boot, while still maintaining control over hardware.
C source for Shim, which is used to boot a network image over HTTP. "When retrieving files via HTTP or related protocols, shim attempts to allocate a buffer to store the received data," reads the commit to fix the bug in httpboot.
A local attacker with sufficient privileges can modify EFI Variables or the EFI partition using a live Linux USB to alter the boot order and load a compromised shim, executing privileged code without disabling Secure Boot.
Red Hat issued a code commit to fix CVE-2023-40547 on December 5, 2023, but Linux distributions supporting Secure Boot and using Shim need to push their own patches.
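The kind of bounds check that prevents an out-of-bounds write when storing received data, as an added example that is not shim's code or the actual fix commit. It assumes the buffer is sized from a length the peer declares up front while the data arrives in chunks whose sizes the transport reports separately; the page itself only says that a buffer is allocated for the received data. The names `rx_buf`, `rx_init` and `rx_append` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical receive state for illustration; not a structure from shim. */
struct rx_buf {
    uint8_t *data;  /* storage sized from the length the peer declared */
    size_t cap;     /* bytes allocated */
    size_t len;     /* bytes stored so far */
};

/* Allocate for a declared body size, refusing empty or oversized claims. */
int rx_init(struct rx_buf *b, size_t declared, size_t max_allowed)
{
    b->data = NULL;
    b->cap = b->len = 0;
    if (declared == 0 || declared > max_allowed)
        return -1;
    b->data = malloc(declared);
    if (b->data == NULL)
        return -1;
    b->cap = declared;
    return 0;
}

/* Store one chunk. Its size n is reported by the transport, independently
 * of the declared size, so it is checked against the space that is left. */
int rx_append(struct rx_buf *b, const uint8_t *chunk, size_t n)
{
    if (n > b->cap - b->len)   /* len <= cap always, so no underflow */
        return -1;             /* peer sent more than it declared */
    memcpy(b->data + b->len, chunk, n);
    b->len += n;
    return 0;
}

int main(void)
{
    struct rx_buf b;
    const uint8_t chunk[6] = {1, 2, 3, 4, 5, 6};  /* constructed sample data */
    if (rx_init(&b, 8, 1024) != 0)
        return 1;
    printf("first chunk:  %d\n", rx_append(&b, chunk, sizeof chunk));
    printf("second chunk: %d\n", rx_append(&b, chunk, sizeof chunk));
    free(b.data);
    return 0;
}
```

Writing the check as `n > cap - len` rather than `len + n > cap` keeps it correct even when `n` is close to `SIZE_MAX`.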
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-25 | CVE-2023-40547 | Out-of-bounds Write vulnerability in Red Hat Enterprise Linux and Shim: a remote code execution vulnerability was found in Shim. | 8.3 |