all InfoSec news
The Real Shim Shady - How CVE-2023-40547 Impacts Most Linux Systems
Malware Analysis, News and Indicators - Latest topics malware.news
On February 2, 2024 details about a new vulnerability being tracked as CVE-2023-40547 was released for shim, a critical piece of software used by most Linux distributions in the boot process to support Secure Boot. Discovered and reported by Bill Demirkapi at Microsoft’s Security Response Center, this particular vulnerability stems from HTTP protocol handling, leading to an out-of-bounds write that can lead to complete system compromise.
What is Shim?
Due to legal issues arising from license incompatibilities, open-source projects …
bill bill demirkapi boot center critical cve demirkapi distributions february linux linux distributions linux systems microsoft new vulnerability piece process real response secure boot security shim software support systems vulnerability