Security Snippets: Linux systems exposed to boot loader attack

New vulnerability found in the boot process of Linux systems configured to boot over the network.

A high-severity vulnerability could allow attackers to take control of a Linux system. The flaw is in shim, the first-stage boot loader that Linux distributions use to boot under UEFI Secure Boot, a firmware standard intended to ensure that a device runs only boot software signed by a key the firmware trusts.

Shim's support for loading the boot loader over HTTP parses the responses it receives from the boot server. A malicious or spoofed server can return a crafted response that lets the attacker execute code during early boot, before the kernel loads, and so bypass any controls implemented by the kernel and the operating system. The flaw is only exploitable in the early boot phase, by an attacker who can perform a man-in-the-middle attack on the boot traffic, change the boot order using privileges already obtained on the machine, or use a Preboot Execution Environment (PXE). It affects only systems configured to load the boot loader over the network, a setup typically found in large data centers.

To mitigate this risk, IT teams using this boot configuration should update to a patched version of shim and update the Secure Boot chain of trust so that older, vulnerable shim binaries are no longer accepted at boot.
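As a practical first step, administrators will want to know which machines are actually affected. The script below is an added example (not part of the original post) that flags UEFI boot entries whose device path goes through the network stack, PXE (MAC/IPv4/IPv6 nodes) or HTTP boot (a Uri node), and, in live mode, lists the installed shim package for comparison with the distribution's patched version. The `efibootmgr -v` sample it runs against by default is constructed for illustration, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original post: find UEFI boot entries that load the
# boot loader over the network (the configuration the shim flaw affects) and show
# the installed shim package. Run with --live on a UEFI host (as root) to inspect
# the real boot entries; with no argument it runs against a constructed sample.

# Print the IDs of boot entries whose device path contains a network node:
# MAC()/IPv4()/IPv6() for PXE, Uri() for HTTP boot. Input is `efibootmgr -v` text.
network_boot_entries() {
    printf '%s\n' "$1" | awk '
        /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]/ && /(MAC|IPv4|IPv6|Uri)\(/ {
            print substr($1, 1, 8)
        }'
}

# Return 0 when the first entry in BootOrder is a network entry, i.e. the machine
# will try network boot before its local disk.
first_boot_is_network() {
    first=$(printf '%s\n' "$1" | awk -F'[: ,]+' '/^BootOrder:/ { print $2; exit }')
    for id in $(network_boot_entries "$1"); do
        [ "$id" = "Boot$first" ] && return 0
    done
    return 1
}

# Installed shim package(s), to compare with the vendor's fixed version.
installed_shim_version() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -qa 'shim*'
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Package} ${Version}\n' 'shim*' 2>/dev/null
    else
        echo "no rpm or dpkg found; check the shim version manually"
    fi
}

# Constructed sample in `efibootmgr -v` format (not captured from a real host):
# entry 0000 is an HTTP boot entry, entry 0001 boots shim from the local disk.
SAMPLE='BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 0000,0001
Boot0000* UEFI HTTP IPv4	PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(001122334455,1)/IPv4(0.0.0.0,0,0)/Uri()
Boot0001* ubuntu	HD(1,GPT,1234abcd-0000-0000-0000-000000000000,0x800,0x100000)/File(\EFI\ubuntu\shimx64.efi)'

if [ "${1:-}" = "--live" ]; then
    input=$(efibootmgr -v) || { echo "efibootmgr failed (not a UEFI host, or not root?)" >&2; exit 1; }
    echo "installed shim:"
    installed_shim_version
else
    input=$SAMPLE
fi

entries=$(network_boot_entries "$input")
if [ -n "$entries" ]; then
    printf 'network boot entries: %s\n' "$(printf '%s' "$entries" | tr '\n' ' ')"
    if first_boot_is_network "$input"; then
        echo "WARNING: network boot is first in BootOrder; this host loads its boot loader over the network"
    fi
else
    echo "no network boot entries found"
fi
```

A host that shows a network entry first in BootOrder is in the affected configuration and should be patched first; a host with network entries lower in the order is still exposed to an attacker who can change the boot order, as the post notes.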


Authored by Nathan Salminen and Soojin Jeong.

Nathan Salminen
Washington, D.C.
Soojin Jeong
Washington, D.C.


This website is operated by Hogan Lovells International LLP, whose registered office is at Atlantic House, Holborn Viaduct, London, EC1A 2FG. For further details of Hogan Lovells International LLP and the international legal practice that comprises Hogan Lovells International LLP, Hogan Lovells US LLP and their affiliated businesses ("Hogan Lovells"), please see our Legal Notices page. © 2024 Hogan Lovells.

Attorney advertising. Prior results do not guarantee a similar outcome.