Shim is a software component that enables Linux systems to support Secure Boot, a security feature that ensures only trusted code can run during the boot process. However, a critical vulnerability has been discovered in shim that could allow attackers to bypass Secure Boot and execute malicious code at the firmware level, compromising the entire system and its data. This vulnerability, tracked as CVE-2023-40547, affects most Linux distributions that use shim, such as Debian, Red Hat, SUSE, and Ubuntu123.
In this blog post, we will explain what the shim vulnerability is, how it can be exploited, and what steps you can take to protect your Linux systems from this threat.
What is the Shim vulnerability
The shim vulnerability is a buffer overflow that occurs when shim handles HTTP boot requests. HTTP boot is a feature that allows systems to boot from a network server using the HTTP protocol. Shim supports HTTP boot by parsing and validating the HTTP response headers and the content length of the boot file.
However, shim does not properly check the size of the buffer that stores the HTTP response headers, and copies more data than the buffer can hold. This results in a buffer overflow, which can corrupt the memory and cause shim to crash or execute arbitrary code4.
An attacker can exploit this vulnerability by sending a specially crafted HTTP response to a system that is booting from HTTP, or by intercepting and modifying a legitimate HTTP response from a server. The attacker can then run malicious code at the firmware level, bypassing Secure Boot and gaining full control of the system.
How to Prevent the Shim Vulnerability
The shim vulnerability is a serious threat that can compromise the security and integrity of your Linux systems. Therefore, it is highly recommended to apply the latest patches and updates from your Linux distributor as soon as possible. The following table shows the patch versions and links for some of the major Linux distributors:
| Linux Distributor | Patch Version | Patch Link |
|---|---|---|
| Debian | shim-signed 1.40.6+15.8 | Debian Security Advisory |
| Red Hat | shim-x64 15.8-1.el8 | [Red Hat Security Advisory] |
| SUSE | shim 15.8-1.1 | [SUSE Security Update] |
| Ubuntu | shim-signed 1.52+15.8 | [Ubuntu Security Notice] |
To install the patches, you can use the package manager of your Linux distribution, such as apt, yum, zypper, or snap. For example, on Ubuntu, you can run the following command:
sudo apt update && sudo apt upgrade
Alternatively, you can download the patches manually from the links provided and install them using the dpkg or rpm commands. For example, on Debian, you can run the following command:
sudo dpkg -i shim-signed_1.40.6+15.8_amd64.deb
After installing the patches, you may need to reboot your system to apply the changes.
