Linux shim, a small piece of code that many major Linux distros use during the secure boot process, has a remote code execution vulnerability in it that gives attackers a way to take complete control of affected systems.
All Linux distributions that support Secure Boot, including Red Hat, Ubuntu, Debian, and SUSE are affected by the flaw, identified as CVE-2023-40547. The flaw is the most severe of six vulnerabilities in Linux shim that its maintainer Red Hat disclosed recently — and for which it has issued an update (shim 15.8). Bill Demirkapi, a researcher with Microsoft’s Security Response Center who discovered the bug and reported it to Red Hat, has described it as every Linux bootloader signed in the past decade.
Out-of-Bounds Write Error
In its advisory Red Hat said the bug had to do with the shim boot code trusting attacker-controlled values when parsing an HTTP response. “This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise.”
The National Vulnerability Database (NVD) and Red Hat had slightly different takes on the severity of the vulnerability and its exploitability. The NVD assigned the bug a near maximum severity rating of 9.8 out of 10 on the CVSS 3.1 scale and identified it as something that an attacker could exploit over the network with little complexity and requiring no user interaction or privileges.
Red Hat gave the bug a more modest severity score of 8.3 and described it as exploitable only through an adjacent network and involving high attack complexity. It was an assessment that maintainers of the other affected Linux distros shared with Ubuntu, for instance, calling CVE-2023-40547 a “medium” severity bug and SUSE assigning it an “important” rating which typically is a notch lower than critical.
Red Hat explained the different severity scores thusly: “CVSS scores for open source components depend on vendor-specific factors (e.g. version or build chain). Therefore, Red Hat’s score and impact rating can be different from NVD and other vendors.” Both the NVD and Red Hat though agreed on the vulnerability having a high impact on data confidentiality, integrity, and availability.
A shim bootloader is basically a small app that loads prior to the main operating system bootloader on Unified Extensible Firmware Interface (UEFI)-based systems. It acts as a bridge between the UEFI firmware and the main OS bootloaders, which in the case of Linux, is typically GRUB or system-boot. Its function is to verify the main OS bootloader before loading and running it.
Multiple Attack Vectors
Researchers from software supply chain security vendor Eclypsium identified three different paths that an attacker could take to exploit the vulnerability. One is via a man-in-the-middle (MiTM) attack, where the adversary intercepts HTTP traffic between the victim and the HTTP server that serves the files to support HTTP boot. “The attacker could be located on any network segment between the victim and the legitimate server.”
An attacker with enough privileges on a vulnerable system could also exploit the vulnerability locally by manipulating data in Extensible Firmware Interface (EFI) variables or on the EFI partitions. “This can be accomplished with a live Linux USB stick. The boot order can then be changed such that a remote and vulnerable shim is loaded on the system.”
An attacker on the same network as the victim can also manipulate the pre-boot execution environment to chain-load a vulnerable shim bootloader, Eclypsium said. “An attacker exploiting this vulnerability gains control of the system before the kernel is loaded, which means they have privileged access and the ability to circumvent any controls implemented by the kernel and operating system,” the vendor noted.
Some security experts, though, perceived the vulnerability as requiring a high degree of complexity and happenstance to exploit. Lionel Litty, chief security architect at Menlo Security, says the exploitation bar is high because the attacker would need to already have gained administrator privileges on a vulnerable device. Or they’d need to be targeting a device that uses network boot and also be able to perform a man-in-the-middle attack on the local network traffic of the targeted device.
“According to the researcher who found the vulnerability, a local attacker can modify the EFI partition to modify the boot sequence to then be able to leverage the vulnerability,” Litty says. “[But] modifying the EFI partition will require being a fully privileged admin on the victim machine,” he says.
If the device is using network boot and the attacker can do MITM on the traffic, then that’s when they can target the buffer overflow. “They would return a malformed HTTP response that would trigger the bug and give them control over the boot sequence at this point,” Litty says. He adds that organizations with machines using HTTP boot or pre-boot execution environment (PXE) boot should be concerned, especially if communication with the boot sever is in an environment where an adversary could insert themselves into the middle of traffic.
Shachar Menashe, senior director of security research at JFrog, says Red Hat’s assessment of the vulnerability’s severity is more accurate than NVDs “over-exaggerated” score.
There are two possible explanations for the discrepancy, he says. “NVD provided the score based on keywords from the description, and not a thorough analysis of the vulnerability,” he says. For example, assuming that “malicious HTTP request” automatically translates to a network attack vector.
NVD may also be alluding to an extremely unlikely worst-case scenario where the victim machine is already configured to boot via HTTP from a server outside the local network and the attacker already has control over this HTTP server. “This is an extremely unlikely scenario which would cause tons of trouble even unrelated to this CVE,” Shachar says.