RedHat fixes a serious problem with the Linux shim bootloader

A serious vulnerability that could have allowed an attacker to take control of a Linux system before the kernel was loaded has been fixed by the RedHat shim maintainers.

When operating correctly, a shim serves as an early bootloader that is mostly utilized to enable Linux distributions to facilitate the Secure Boot procedure. Because it is signed by Microsoft's Third-Party Certificate Authority, the shim can now legitimately participate in Secure Boots, which are the default configuration for most systems.

Security experts were particularly concerned about the significant vulnerability, CVE-2023-40547, since it may allow an attacker to take over a system and circumvent the security measures that Secure Boot enforces. The vulnerability could be used by an attacker to take over or interfere with the boot process entirely using a number of different attack vectors.

The bug was found and reported by Microsoft Security Response Center (MSRC) employee Bill Demirkapi. A comprehensive description of the flaw was provided in an Eclypsium blog post on February 6.

According to the Eclypsium blog, the flaw affects both server and end user Linux systems that employ Secure Boot. Security experts may initially believe that the flaw only affects RedHat computers; however, according to the researchers, updates were being applied to various other Linux distributions, such as SUSE, Ubuntu, and Debian. In addition to the critical defect that was found, S=shim also had five other medium-severity bugs.