This advisory is for organizations that use Linux distributions in their environment. It covers a critical vulnerability in the Shim Linux bootloader that affects Linux variants that support Secure Boot.
Red Hat has pushed a code commit to fix a vulnerability in the Shim bootloader code it maintains. The vulnerability could be leveraged to execute code and/or take control of a target system before the kernel is loaded.
This vulnerability resides in the part of Shim (httpboot.c) that supports booting an image over HTTP from a central server on a network. One way this may be exploited is through an attacker positioning themselves between the victim and the HTTP server that serves the files used for HTTP boot. Shim allocates a buffer for the received data using the buffer size specified in the HTTP header. The size in the header can be manipulated so that the allocated buffer is smaller than the data that follows, resulting in a buffer overflow. In other scenarios, the bug may be abused locally by malware that gains system privilege and overwrites the EFI partition, or from an adjacent network when PXE boot is enabled.
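
The allocation issue described above, as an added C example that is not Shim's code or Red Hat's fix: a receive routine that sizes its buffer from the length declared in the header but bounds every copy by that allocation. The names `receive_body`, `struct chunk`, `rx_status` and `demo` are hypothetical, and the 8-byte body is constructed sample input.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for one received piece of an HTTP response body. */
struct chunk { const unsigned char *data; size_t len; };
enum rx_status { RX_OK = 0, RX_NOMEM = -1, RX_OVERSIZE = -2, RX_SHORT = -3 };

/* Size the buffer from the header's declared length, then bound every copy
 * by that allocation. The unchecked pattern copies each chunk to buf + used
 * without comparing the chunk length to the space that is left. */
enum rx_status receive_body(size_t declared_len, const struct chunk *chunks,
                            size_t nchunks, unsigned char **out)
{
    size_t used = 0;
    unsigned char *buf;
    *out = NULL;
    if (declared_len == 0)
        return RX_SHORT;
    buf = malloc(declared_len);
    if (buf == NULL)
        return RX_NOMEM;
    for (size_t i = 0; i < nchunks; i++) {
        /* Subtraction form cannot wrap because used <= declared_len. */
        if (chunks[i].len > declared_len - used) {
            free(buf);
            return RX_OVERSIZE;   /* body is larger than the header claimed */
        }
        memcpy(buf + used, chunks[i].data, chunks[i].len);
        used += chunks[i].len;
    }
    if (used != declared_len) {
        free(buf);
        return RX_SHORT;          /* body ended before the declared length */
    }
    *out = buf;
    return RX_OK;
}

/* Constructed input: an 8-byte body delivered as chunks of 5 and 3 bytes. */
enum rx_status demo(size_t declared_len)
{
    static const unsigned char body[8] = "BOOTIMG";
    const struct chunk chunks[2] = { { body, 5 }, { body + 5, 3 } };
    unsigned char *img;
    enum rx_status st = receive_body(declared_len, chunks, 2, &img);
    free(img);
    return st;
}
int main(void) { return (demo(8) == RX_OK && demo(4) == RX_OVERSIZE) ? 0 : 1; }
```

With an understated declared length (`demo(4)`), the routine rejects the response instead of writing past the end of the allocation.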