The Linux shim, a small piece of code used by many major Linux distributions during the Secure Boot process, has a remote code execution vulnerability that gives attackers a way to take complete control of affected systems.
All Linux distributions that support Secure Boot, including Red Hat, Ubuntu, Debian, and SUSE, are affected by the flaw, identified as CVE-2023-40547. The flaw is the most serious of six vulnerabilities in the Linux shim that its maintainer Red Hat recently disclosed and for which it released an update (shim 15.8). Bill Demirkapi, a researcher at Microsoft’s Security Response Center who discovered the bug and reported it to Red Hat, described it as affecting every Linux bootloader signed in the last ten years.
Out-of-bounds write error
In its advisory, Red Hat said the bug stems from the shim boot code trusting attacker-controlled values when parsing an HTTP response. “This flaw allows an attacker to craft a specific malicious HTTP request, leading to a fully controlled out-of-bounds write primitive and a complete system compromise.”
The National Vulnerability Database (NVD) and Red Hat had slightly different opinions on the severity of the vulnerability and its exploitability. The NVD assigned the bug a near-maximum severity score of 9.8 out of 10 on the CVSS 3.1 scale and identified it as something an attacker could exploit over the network with little complexity and without requiring any user interaction or privileges.
Red Hat gave the bug a more modest severity score of 8.3 and described it as exploitable only through an adjacent network and involving high attack complexity. Maintainers of other affected Linux distributions took a similar view: Ubuntu, for example, called CVE-2023-40547 a “medium” severity bug, and SUSE gave it an “important” rating, which typically sits one step below “critical”.
Red Hat explained the different severity scores this way: “CVSS scores for open source components depend on vendor-specific factors (for example, version or build chain). Therefore, Red Hat’s score and impact may be different from NVD and other suppliers.” However, both NVD and Red Hat agree that the vulnerability has a high impact on data confidentiality, integrity and availability.
A shim bootloader is basically a small application that loads before the main operating system bootloader on Unified Extensible Firmware Interface (UEFI)-based systems. It works as a bridge between the UEFI firmware and the main operating system bootloader, which in the case of Linux is typically GRUB or systemd-boot. Its function is to verify the main operating system bootloader before loading and running it.
Multiple attack vectors
Researchers from software supply chain security vendor Eclypsium identified three different routes that an attacker could use to exploit the vulnerability. The first is a man-in-the-middle (MitM) attack, where the adversary intercepts HTTP traffic between the victim and the HTTP server serving the files that support HTTP boot. “The attacker could be on any network segment between the victim and the legitimate server.”
An attacker with sufficient privileges on a vulnerable system could also exploit the vulnerability locally by manipulating data in Extensible Firmware Interface (EFI) variables or on the EFI partition. “This can be achieved with a live Linux USB stick. The boot order can then be changed such that a remote, vulnerable shim is loaded onto the system.”
An attacker on the same network as the victim can also manipulate the pre-boot execution environment to chain-load a vulnerable shim bootloader, Eclypsium said. “An attacker who exploits this vulnerability gains control of the system before the kernel is loaded, meaning they have privileged access and the ability to bypass any controls implemented by the kernel and operating system,” the vendor noted.
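The three vectors above all depend on two conditions a defender can check for: a shim older than the 15.8 fix release, and boot entries that chain-load over the network (HTTP boot or PXE). The following triage helper is an added example, not code from the article, Red Hat or Eclypsium; it assumes the shim version is passed in as a package-manager-style version string and that boot entries are the lines `efibootmgr -v` prints, and the sample output it parses is constructed.

```python
"""Triage helper for CVE-2023-40547 exposure (added example, not from the article)."""
import re

FIXED_SHIM_VERSION = (15, 8)  # shim 15.8 is the release the article names as the fix

# Device-path nodes that mark an entry as booting over the network (PXE/HTTP boot)
NETWORK_PATH_NODES = re.compile(r"\b(IPv4|IPv6|Uri|MAC)\(")

def parse_version(text):
    """Extract the upstream shim version as a (major, minor) tuple.
    Assumption: the last dotted number is the upstream version, so both
    '15.8-2' and a Debian-style '1.40+15.7-1' resolve correctly."""
    pairs = re.findall(r"(\d+)\.(\d+)", text)
    if not pairs:
        raise ValueError(f"no version number in {text!r}")
    major, minor = pairs[-1]
    return (int(major), int(minor))

def shim_is_vulnerable(version_text):
    """True when the installed shim predates the 15.8 fix release."""
    return parse_version(version_text) < FIXED_SHIM_VERSION

def network_boot_entries(efibootmgr_output):
    """Return (id, label) for every boot entry whose device path boots over the network."""
    found = []
    for line in efibootmgr_output.splitlines():
        m = re.match(r"(Boot[0-9A-Fa-f]{4})\*?\s+([^\t]+)\t(.*)", line)
        if m and NETWORK_PATH_NODES.search(m.group(3)):
            found.append((m.group(1), m.group(2).strip()))
    return found

def triage(shim_version_text, efibootmgr_output):
    """Summarise exposure: an unpatched shim plus any network boot entries."""
    return {
        "shim_vulnerable": shim_is_vulnerable(shim_version_text),
        "network_boot_entries": network_boot_entries(efibootmgr_output),
    }

# Constructed sample resembling `efibootmgr -v` output (not captured from a real host)
SAMPLE_EFIBOOTMGR = """\
BootCurrent: 0000
BootOrder: 0000,0002,0001
Boot0000* ubuntu\tHD(1,GPT,1a2b3c4d-0000-0000-0000-000000000001,0x800,0x100000)/File(\\EFI\\ubuntu\\shimx64.efi)
Boot0001* UEFI PXEv4 (MAC:0A1B2C3D4E5F)\tPciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(0a1b2c3d4e5f,1)/IPv4(0.0.0.00.0.0.0,0,0)
Boot0002* UEFI HTTPv4\tPciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(0a1b2c3d4e5f,1)/IPv4(0.0.0.00.0.0.0,0,0)/Uri(http://boot.example.test/shimx64.efi)
"""

if __name__ == "__main__":
    print(triage("15.7", SAMPLE_EFIBOOTMGR))
```

The version comparison is a heuristic only: distributions often backport fixes under their own package versions, so confirm against the distribution's advisory for CVE-2023-40547 before treating a host as patched.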
Exaggerated severity?
Some security experts, however, noted that exploiting the vulnerability requires a high degree of complexity and luck. Lionel Litty, chief security architect at Menlo Security, says the bar for exploitation is high because the attacker would need to have already gained administrator privileges on a vulnerable device. Alternatively, they would need to target a device that uses network boot and also be able to perform a man-in-the-middle attack on that device’s local network traffic.
“According to the researcher who discovered the vulnerability, a local attacker can modify the EFI partition to change the boot sequence and thus be able to exploit the vulnerability,” Litty says. “[But] to modify the EFI partition you will need to be an administrator with full privileges on the victim computer,” he says.
If the device uses network boot and the attacker can perform a MitM attack on the traffic, that is when they can target the buffer overflow. “They would return an invalid HTTP response which would trigger the bug and give them control over the boot sequence at this point,” Litty says. He adds that organizations with machines using HTTP boot or pre-boot execution environment (PXE) boot should be concerned, especially if communication with the boot server occurs in an environment where an adversary could get into the middle of the traffic.
Shachar Menashe, senior director of security research at JFrog, says Red Hat’s assessment of the vulnerability’s severity is more accurate than NVD’s “over-exaggerated” rating.
There are two possible explanations for the discrepancy, he says. “NVD provided the score based on keywords in the description and not on an in-depth analysis of the vulnerability,” he says. One example would be assuming that a “malicious HTTP request” automatically implies a network attack vector.
NVD could also be alluding to an extremely unlikely worst-case scenario where the victim machine is already configured to boot via HTTP from a server outside the local network and the attacker already has control over this HTTP server. “This is an extremely unlikely scenario that would cause a lot of problems even unrelated to this CVE,” Shachar says.