Bug affects Linux systems: major risk to firmware

The vulnerability lets attackers execute code early in a device’s boot process. Virtually all Linux distributions are affected by this bug.

Security developer Matthew Garrett is warning about the flaw. The vulnerability lies in shim, a component that runs during the boot process. Shim performs its tasks before the operating system has even started and is present on most modern devices. Shim normally acts as a protective component: it checks that each link in the boot chain comes from a verified, trusted vendor.

Shim now contains a vulnerability that allows an attacker to execute a malicious HTTP request. This lets the attacker penetrate deep into a device’s core, where malicious code is difficult to detect and remove. “In reality it gives them code execution before ExitBootServices,” Garrett points out. “That means a much larger attack surface against the firmware—the usual assumption is that only trusted code is running before ExitBootServices.”

Since the bug is present in most Linux systems and the impact of exploitation can be significant, a fix is necessary. The maintainers of shim have released a patch for the individual shim builders to pick up, and the creators of Linux distributions are currently incorporating it. General availability of the patch is still pending.