Linux bootloader shim reported to carry critical vulnerability
Take action: This vulnerability matters for terminals and other devices that boot from a network server over UEFI HTTP boot. For anything else, exploitation requires an attacker who has already compromised the network path or the device itself. For most readers it is an awareness item and a design consideration: apply your distribution's fixed shim build when it ships, prefer HTTPS boot with server authentication, and treat an unauthenticated boot server as part of the device's trust boundary.
Linux developers are currently addressing a serious flaw in shim, a first-stage bootloader component used by nearly all Linux distributions. Shim is central to UEFI Secure Boot, the mechanism built into most contemporary computers that verifies each stage of the boot sequence comes from a trusted, signed source: shim itself carries a signature the firmware trusts, and it in turn verifies the signature on the next stage (typically GRUB and then the kernel) before handing control to it.
The vulnerability, tracked as CVE-2023-40547 (CVSS score 9.8, which falls in the critical band), is an out-of-bounds write: shim trusts attacker-controlled size values when parsing an HTTP response during network boot, so a crafted response can write past the end of a buffer and redirect execution. Such an attack would be particularly dangerous because it runs at the very start of the boot process, in the UEFI pre-boot environment before the operating system starts and before the firmware hands over control, which makes the resulting implant extremely hard to detect and remove.
The flaw lies in the part of shim that handles booting from a central server via HTTP. It can be exploited in several scenarios, most of which require some prior compromise of the target device, the boot server, or the network the device boots from.
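To make the pattern concrete, here is an added example written for this page; it is not shim's code and does not reproduce shim's HTTP parser. It models a boot client that sizes its buffer from the server's Content-Length header and then copies each body fragment at face value, which is the class of bug described above, alongside a hardened receiver that bounds every copy by the space actually allocated. The function names, the chunk structure and the sample HTTP response are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Illustrative only (not shim's code): a boot client that trusts the size
 * fields of a server's HTTP response, the pattern behind CVE-2023-40547. */

/* Parse Content-Length from a response header block; returns 0 if absent. */
size_t parse_content_length(const char *headers)
{
    const char *p = strstr(headers, "Content-Length:");
    if (p == NULL)
        return 0;
    return (size_t)strtoul(p + strlen("Content-Length:"), NULL, 10);
}

/* One body fragment as delivered by the transport; len is server-controlled. */
struct chunk {
    const uint8_t *data;
    size_t len;
};

/* VULNERABLE: buf was sized from Content-Length, but every chunk is copied
 * without consulting that size, so a server that sends more body than it
 * advertised writes past the end of buf. Returns total bytes copied. */
size_t receive_body_unsafe(uint8_t *buf, size_t advertised,
                           const struct chunk *chunks, size_t nchunks)
{
    size_t received = 0;
    (void)advertised;                    /* never checked: that is the bug */
    for (size_t i = 0; i < nchunks; i++) {
        memcpy(buf + received, chunks[i].data, chunks[i].len);
        received += chunks[i].len;
    }
    return received;
}

/* HARDENED: bound every copy by the remaining allocated space and reject a
 * response whose body disagrees with its own Content-Length.
 * Returns bytes copied, or -1 for an oversized or short body. */
long receive_body_safe(uint8_t *buf, size_t advertised,
                       const struct chunk *chunks, size_t nchunks)
{
    size_t received = 0;
    for (size_t i = 0; i < nchunks; i++) {
        /* received <= advertised always holds, so the subtraction cannot wrap */
        if (chunks[i].len > advertised - received)
            return -1;
        memcpy(buf + received, chunks[i].data, chunks[i].len);
        received += chunks[i].len;
    }
    if (received != advertised)          /* short body is also a protocol error */
        return -1;
    return (long)received;
}

/* Constructed sample: the server advertises 16 bytes but delivers 32. */
static const char sample_headers[] =
    "HTTP/1.1 200 OK\r\nContent-Length: 16\r\n\r\n";
static const uint8_t sample_body[] = "AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB";

/* Feed the malicious response to the unsafe receiver. The backing array is
 * deliberately larger than the advertised size so the over-copy stays inside
 * memory this program owns; on a real target the extra bytes land in whatever
 * follows the allocation. Returns the number of bytes actually written. */
size_t demo_unsafe_bytes_written(void)
{
    uint8_t backing[64] = {0};
    size_t advertised = parse_content_length(sample_headers);
    struct chunk chunks[2] = { { sample_body, 16 }, { sample_body + 16, 16 } };
    return receive_body_unsafe(backing, advertised, chunks, 2);
}

/* Same malicious response through the hardened receiver: rejected. */
long demo_safe_result(void)
{
    uint8_t backing[64] = {0};
    size_t advertised = parse_content_length(sample_headers);
    struct chunk chunks[2] = { { sample_body, 16 }, { sample_body + 16, 16 } };
    return receive_body_safe(backing, advertised, chunks, 2);
}

/* A well-formed response (exactly 16 bytes) is still accepted. */
long demo_safe_wellformed(void)
{
    uint8_t backing[64] = {0};
    size_t advertised = parse_content_length(sample_headers);
    struct chunk chunks[2] = { { sample_body, 10 }, { sample_body + 10, 6 } };
    return receive_body_safe(backing, advertised, chunks, 2);
}

int main(void)
{
    printf("advertised=%zu unsafe wrote=%zu safe=%ld wellformed=%ld\n",
           parse_content_length(sample_headers), demo_unsafe_bytes_written(),
           demo_safe_result(), demo_safe_wellformed());
    return 0;
}
```

The point to take from the two receivers is that the allocation size and the copy loop must use the same bound, and that the bound must come from memory the client controls, never from a header or chunk length the server supplied. In a pre-boot environment there is no MMU-enforced isolation or stack protector to catch the overrun, which is why a single trusted length field is enough for full control.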
Key scenarios for exploitation include:
- Compromising or impersonating a server to target a device configured to boot via HTTP.
- Gaining physical access to a device or obtaining administrative rights through another vulnerability.
The flaw is not trivial to exploit. Attackers must either manipulate a Linux system into booting from HTTP when it is not configured to do so, or control the HTTP boot server or intercept its traffic (for example from a man-in-the-middle position on the boot network). Either way, a significant compromise must already be in place.
The risk is reduced when devices boot over HTTPS, which authenticates the server: an attacker on the network path would then need a certificate the firmware trusts in order to impersonate the legitimate boot server. The caveat is that HTTPS only defends against impersonation and interception; a compromised but legitimate boot server can still deliver the malicious response, so it does not remove the need to update shim.