148

Critical vulnerability affecting most Linux distros allows for bootkits (arstechnica.com)

submitted 4 months ago by SeeJayEmm@lemmy.procrastinati.org to c/linux@lemmy.ml

28 comments fedilink hide all child comments

all 29 comments

sorted by: hot top controversial new old

[-] Nibodhika@lemmy.world 131 points 4 months ago

I love how every time I read a "Critical" vulnerability in Linux it's essentially "The user must leave their computer completely unlocked in an accessible area for a long period of time. Also he needs this very specific combination of programs running in these specific versions. Ah, and the planets have to be aligned for it to work. If all of these happen, an attacker might glimpse at your desktop wallpaper, so definitely critical".

[-] tourist@lemmy.world 62 points 4 months ago

not trying to sound like an internet badass but if I find someone in my home fucking with my config files I will kill them with a hammer

[-] Scio@kbin.social 25 points 4 months ago

I would at the very least break their fingers if they touch my keyboard.

No hammer needed...

[-] cyberic@discuss.tchncs.de 10 points 4 months ago

This made me think of a custom keyboard with a mousetrap arm at the top to break the fingers of would-be typers.

[-] Rustmilian@lemmy.world 7 points 4 months ago

Mousetrap keyboard + Suicide Linux

[-] SAF77@lemmy.world 5 points 4 months ago

But I bet it's more fun with a hammer.

[-] MyNameIsRichard@lemmy.ml 7 points 4 months ago

But you could damage the keyboard

[-] SheeEttin@programming.dev 4 points 4 months ago

Not my Model M.

[-] 567PrimeMover@kbin.social 2 points 4 months ago

The Model M IS the weapon

[-] SAF77@lemmy.world 2 points 4 months ago

That's collateral damage I'm willing to risk 🤣

[-] displaced_city_mouse@midwest.social 7 points 4 months ago

My first reaction would be to acknowledge them as a fellow geek, but that's because most of the people who live near me would hurt themselves trying to open Notepad. Anyone who knows enough to start hacking my config files would be a welcome guest in my house.

Then I'd kill them with a hammer. :-)

[-] dsemy@lemm.ee 63 points 4 months ago

This is a vulnerability in shim, which is a UEFI "bootloader" used by distros mainly to allow booting with the "stock" (Microsoft) secure boot keys.

If you don't use secure boot or don't use shim (likely if you use your own keys), this doesn't affect you at all.

In any case this "critical vulnerability" mainly affects machines relying on shim which also boot over unencrypted HTTP.

[-] alliswell33@lemmy.sdf.org 8 points 4 months ago* (last edited 4 months ago)

Would this affect systems booting to the refind bootloader without secure boot? Sorry for the ignorance just trying to figure out if I should be changing my system for this news.

[-] dsemy@lemm.ee 6 points 4 months ago

[-] Jordan_U@lemmy.ml 5 points 4 months ago

No.

This is a vulnerability which allows bypassing secure boot protections. You have already manually bypassed those protections by disabling secure boot.

[-] LinusWorks4Mo@kbin.social 62 points 4 months ago

clickbait title. basically, if your machine is already compromised in a severe way, here is another way how to compromise it further (for whatever reason)

[-] nyan@lemmy.cafe 11 points 4 months ago

And the issue that does exist doesn't even require Linux to be installed, technically. Unless you're an IT pro administering large numbers of systems that boot from a network disk image, there is nothing for you to worry about here.

[-] psud@lemmy.world 3 points 4 months ago

It's also a new way to compromise a machine you have physical access to

[-] bizdelnick@lemmy.ml 28 points 4 months ago* (last edited 4 months ago)

I wonder if Matt calculated CVSS score before calling this vulnerability "critical".

[-] folkrav@lemmy.ca 10 points 4 months ago* (last edited 4 months ago)

It’s the last sentence of the article - 9.8/10. In this case it’s probably called critical because of the potential consequences of the exploit being a full machine takeover, not the likeliness of the exploit being used.

[-] bizdelnick@lemmy.ml 4 points 4 months ago

It means that CVSS is calculated wrong. It can't be so big because default configuration is not affected and attacker requires admin access to change it.

[-] psud@lemmy.world 3 points 4 months ago

Admin or physical access.

[-] folkrav@lemmy.ca 3 points 4 months ago

I mean take a look at the report. Still not sure how it’s “wrong”.

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-40547&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST

[-] autotldr@lemmings.world 18 points 4 months ago

This is the best summary I could come up with:

Linux developers are in the process of patching a high-severity vulnerability that, in certain cases, allows the installation of malware that runs at the firmware level, giving infections access to the deepest parts of a device where they’re hard to detect or remove.

The vulnerability resides in shim, which in the context of Linux is a small component that runs in the firmware early in the boot process before the operating system has started.

While these hurdles are steep, they’re by no means impossible, particularly the ability to compromise or impersonate a server that communicates with devices over HTTP, which is unencrypted and requires no authentication.

These particular scenarios could prove useful if an attacker has already gained some level of access inside a network and is looking to take control of connected end-user devices.

In that case, the attacker would first have to forge the digital certificate the server uses to prove it’s authorized to provide boot firmware to devices.

And, of course, already obtaining administrative control through exploiting a separate vulnerability in the operating system is hard and allows attackers to achieve all kinds of malicious objectives.

The original article contains 493 words, the summary contains 189 words. Saved 62%. I'm a bot and I'm open source!

[-] mranderson17@infosec.pub 31 points 4 months ago

“An attacker would need to be able to coerce a system into booting from HTTP if it's not already doing so, and either be in a position to run the HTTP server in question or MITM traffic to it,” - Matthew Garrett

Summary left out a quite important bit.

[-] Quazatron@lemmy.world 6 points 4 months ago

Security people sure are an enthusiastic bunch of fellows.

[-] Rustmilian@lemmy.world 3 points 4 months ago

high-severity

Is not the same as "critical"

[-] gorysubparbagel@lemmy.world 8 points 4 months ago* (last edited 4 months ago)

2 scenarios where it can be exploited:

Acquiring the ability to compromise a server or perform an adversary-in-the-middle impersonation of it to target a device that’s already configured to boot using HTTP

Already having physical access to a device or gaining administrative control by exploiting a separate vulnerability.

this post was submitted on 07 Feb 2024

148 points (87.8% liked)

Linux

45394 readers

1179 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz