"Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros"
The Shim maintainers have released version 15.8 to fix six security flaws, including a critical bug that could enable Remote Code Execution (RCE) under certain conditions. Shim is described as a "trivial" software package designed to serve as a first-stage boot loader on Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, tracked as CVE-2023-40547 with a CVSS score of 9.8, could be exploited to bypass Secure Boot. According to Bill Demirkapi of the Microsoft Security Response Center (MSRC), who discovered and reported the bug, it impacts every Linux boot loader signed in the past ten years. This article continues to discuss the critical boot loader vulnerability in Shim.
THN reports "Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros"
Submitted by grigby1