New vulnerability found in the boot process for Linux systems configured to boot over the network.
A high severity vulnerability could allow attackers to take over a Linux system. The vulnerability is in the shim software that supports Secure Boot, which is a standard that certain Linux distributions use to ensure that devices boot only with trusted software from the original equipment manufacturer.
Shim parses HTTP responses, which attackers can exploit to execute privileged code and circumvent any controls implemented by the kernel and the operating system. This flaw is only exploitable in the early boot phrase by attackers who perform a Man-in-the-Middle attack, alter the boot order using existing privileges, or use a preboot execution environment. It is only exploitable for systems that are configured to load the boot loader over the network, which is typically only large data centers.
To prevent against this risk, IT teams utilizing this boot configuration can update the Secure Boot chain of trust and update to new patched versions of shim.
Authored by Nathan Salminen and Soojin Jeong.
Are you sure want to delete comment ?
Scan this QR Code to share this content
