Remote Code Execution Vulnerability in Shim Boot Support
CVE-2023-40547
Key Information:
- Vendor: Red Hat
- Status: Vendor
- CVE Published: 25 January 2024
What is CVE-2023-40547?
CVE-2023-40547 is a critical remote code execution vulnerability in the Shim boot support framework, which is commonly used to facilitate the secure boot process in various operating systems. The vulnerability arises because Shim incorrectly trusts attacker-controlled values when parsing HTTP responses. If exploited, it allows an attacker to craft malicious HTTP requests during the early boot phase of the system, leading to complete system compromise. The flaw poses a significant threat to organizations relying on Shim for secure boot, as it can lead to unauthorized control and manipulation of sensitive system processes.
Technical Details
The vulnerability occurs during the HTTP response parsing phase, where values that Shim trusts can be manipulated by an attacker. This manipulation results in an out-of-bounds write, which can be leveraged to execute arbitrary code on the target system. To successfully exploit CVE-2023-40547, an attacker must either perform a Man-in-the-Middle attack or compromise the boot server itself. The window of opportunity is limited to the early boot phase, which heightens the risk, because exploitation at that point bypasses many security controls typically in place during the operating system's normal runtime.
Impact of the Vulnerability
- Complete System Compromise: Successful exploitation of this vulnerability can lead to an attacker gaining full control over the affected system, allowing them to execute arbitrary code and manipulate critical system operations.
- Increased Attack Surface during Boot: The fact that this vulnerability can be exploited at such an early stage in the boot process means that traditional security measures may not yet be active, making systems particularly vulnerable at this point.
- Potential for Widespread Exploitation: Given that Shim is widely used in various operating systems and devices, the existence of this vulnerability amplifies the potential impact across numerous platforms, potentially affecting many organizations that rely on secure boot mechanisms for system integrity.
Affected Version(s)
Red Hat Enterprise Linux 7 0:15.8-3.el7
Red Hat Enterprise Linux 7 0:15.8-1.el7
Red Hat Enterprise Linux 8 0:15.8-4.el8_9
News Articles
- The Windows Security Updates of August 2024 are now available - BitLocker Recovery issue fixed - gHacks Tech News: Here is an overview of the August 2024 security updates that Microsoft released for its Windows operating systems. (5 months ago)
- Critical Shim Vulnerability Affecting Linux Secure Boot: An In-depth Look: A serious vulnerability, CVE-2023-40547, discovered in Shim could lead to remote code execution. The bug affects Linux distributions supporting secure boot. (11 months ago)
Timeline
- Exploit known to exist
- Vulnerability started trending
- First article discovered by Penetration Testing
- Vulnerability published
- Vulnerability Reserved