A critical vulnerability in Shim may enable a network adversary to compromise a vulnerable Linux system by circumventing a secure boot.
Most Linux distributions use Shim, a small application that contains code and certificates to verify the bootloader during the boot process to support secure boot. The vulnerability, which was found in Shim’s handling of the HTTP protocol, results in an out-of-bounds write that may be used to execute remote code.
The vulnerability is tracked as CVE-2023-40547 and has a 9.8 CVSS score, per a NIST advisory. However, Red Hat rates the bug’s severity as “high,” giving it an 8.3 CVSS score.
Read More: Most Linux Systems Exposed to Complete Compromise via Shim Vulnerability
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.