Critical Shim vulnerability exposes most Linux systems to attack

Updated on February 11, 2024

Shim is a small application containing certificates and verification code for the bootloader; most Linux distributions use it during the boot process to support UEFI Secure Boot. Linux developers have now discovered a security flaw in it, and the vulnerability poses a serious risk because it enables the installation of malware that operates at the firmware level, where it is hard to detect and remove.

Tracked as CVE-2023-40547, it carries a CVSS score of 9.8 from NIST and 8.3 (High) from Red Hat, which indicates the severity of the situation. Red Hat’s advisory states:

“The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise.”

Exploiting the flaw requires an attacker who can intercept the HTTP traffic between the victim system and the server that delivers the files used for HTTP boot, as explained by supply chain risk management firm Eclypsium in a technical writeup.

Lionel Litty, the Chief Security Architect at Menlo Security, notes:

“The bar to leverage this is high. What stands out here is that this is a particularly insidious one [vulnerability] that goes to the core of the startup sequence right after the firmware is loaded. You should pay attention if you use network boot or operate in a high-security environment that leverages secure boot to measure your devices.”

Eclypsium explains that resolving this vulnerability requires updating Shim to a patched version and securing the boot chain of trust by refreshing the UEFI Secure Boot DBX (revocation list). The urgency of the issue also led to the release of Shim version 15.8. This update not only patches the vulnerability but also fixes five additional security flaws that could lead to crashes, denial of service (DoS), and leakage of sensitive data during system boot.
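The remediation above has two halves: confirm the deployed shim is 15.8 or newer, and confirm the DBX has been refreshed. The following POSIX shell script is an added example (not from the article, Eclypsium or the Shim project) that performs the first check from the package manager's version string and then lists the current Secure Boot state and DBX so an administrator can compare it against the distribution's revocation update. The package names `shim-signed` and `shim-x64`, and the version-string layouts handled by `shim_core_version`, are assumptions about common distributions; `mokutil` is used only if present.

```shell
#!/bin/sh
# Added example: check whether the installed shim is at least 15.8 (the version
# the article names as patched) and show the current DBX for comparison.
# Package names and version-string layouts are assumptions, not from the article.

# Reduce a distro package version string to shim's own X.Y version.
# Handles constructed inputs such as "15.8", "15.7-0ubuntu1", "1.44+15.8-1"
# (Debian-style shim-signed) and "1:15.8-2" (epoch prefix).
shim_core_version() {
    printf '%s\n' "$1" | sed 's/^[0-9]*://; s/-.*$//; s/.*+//; s/[^0-9.].*$//'
}

# Exit 0 when version $1 is 15.8 or newer, 1 otherwise.
# Anything that cannot be parsed is treated as NOT patched.
shim_is_patched() {
    v=$(shim_core_version "$1")
    case $v in
        '')  return 1 ;;
        *.*) major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*} ;;
        *)   major=$v; minor=0 ;;
    esac
    # Both parts must be plain integers before numeric comparison.
    case $major in ''|*[!0-9]*) return 1 ;; esac
    case $minor in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 15 ] && return 0
    [ "$major" -eq 15 ] && [ "$minor" -ge 8 ] && return 0
    return 1
}

# Ask the package manager for the shim version, if a known package is installed.
installed_shim_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}' shim-signed 2>/dev/null && return 0
    fi
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}' shim-x64 2>/dev/null && return 0
    fi
    return 1
}

if ver=$(installed_shim_version); then
    if shim_is_patched "$ver"; then
        echo "shim $ver: 15.8 or newer"
    else
        echo "shim $ver: older than 15.8, update shim and refresh the DBX"
    fi
else
    echo "no shim package found via dpkg or rpm"
fi

# DBX half of the remediation: print Secure Boot state and the current
# revocation list so it can be compared with the distribution's DBX update.
if command -v mokutil >/dev/null 2>&1; then
    mokutil --sb-state 2>/dev/null || true
    mokutil --dbx 2>/dev/null || echo "could not read DBX"
fi
```

Run it as root on the host being checked; the version parsing can also be exercised directly, e.g. `shim_is_patched "1.51+15.7-0ubuntu1"` returns non-zero, while `shim_is_patched "15.8"` returns zero.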

Add An Extra Layer of Protection With A VPN For Linux

A VPN encrypts your internet traffic and masks your IP address, keeping your data safe from malicious actors. Because your data is routed through an encrypted VPN tunnel, it cannot be intercepted and deciphered by threat actors.

AstrillVPN is your go-to provider when you want to use a VPN for Linux. In the event of a data breach or a malware attack, you can rest easy knowing your data is safe. AstrillVPN offers additional security features to protect sensitive and confidential data, including a strict No Logs Policy, a Kill Switch feature, Smart Mode, and robust protocols such as OpenVPN and WireGuard. WireGuard uses state-of-the-art cryptographic techniques to protect your data from external threats.


About The Author

Urfa Sarmad

Urfa is a business management graduate who delved into the world of tech, data privacy and cybersecurity and has been writing tech and privacy related content ever since. In her free time.
