I love how every time I read a "Critical" vulnerability in Linux it's essentially "The user must leave their computer completely unlocked in an accessible area for a long period of time. Also he needs this very specific combination of programs running in these specific versions. Ah, and the planets have to be aligned for it to work. If all of these happen, an attacker might glimpse at your desktop wallpaper, so definitely critical".

This is a vulnerability in shim, which is a UEFI "bootloader" used by distros mainly to allow booting with the "stock" (Microsoft) secure boot keys.

If you don't use secure boot or don't use shim (likely if you use your own keys), this doesn't affect you at all.

In any case this "critical vulnerability" mainly affects machines relying on shim which also boot over unencrypted HTTP.

clickbait title. basically, if your machine is already compromised in a severe way, here is another way how to compromise it further (for whatever reason)

I wonder if Matt calculated CVSS score before calling this vulnerability "critical".

This is the best summary I could come up with:

Linux developers are in the process of patching a high-severity vulnerability that, in certain cases, allows the installation of malware that runs at the firmware level, giving infections access to the deepest parts of a device where they’re hard to detect or remove.

The vulnerability resides in shim, which in the context of Linux is a small component that runs in the firmware early in the boot process before the operating system has started.

While these hurdles are steep, they’re by no means impossible, particularly the ability to compromise or impersonate a server that communicates with devices over HTTP, which is unencrypted and requires no authentication.

These particular scenarios could prove useful if an attacker has already gained some level of access inside a network and is looking to take control of connected end-user devices.

In that case, the attacker would first have to forge the digital certificate the server uses to prove it’s authorized to provide boot firmware to devices.

And, of course, already obtaining administrative control through exploiting a separate vulnerability in the operating system is hard and allows attackers to achieve all kinds of malicious objectives.

The original article contains 493 words, the summary contains 189 words. Saved 62%. I'm a bot and I'm open source!

2 scenarios where it can be exploited:

Acquiring the ability to compromise a server or perform an adversary-in-the-middle impersonation of it to target a device that’s already configured to boot using HTTP

Already having physical access to a device or gaining administrative control by exploiting a separate vulnerability.