Skip Navigation

Linux @lemmy.ml 𝓢𝓮𝓮𝓙𝓪𝔂𝓔𝓶𝓶 @lemmy.procrastinati.org 10 mo. ago

Critical vulnerability affecting most Linux distros allows for bootkits

arstechnica.com Critical vulnerability affecting most Linux distros allows for bootkits

Buffer overflow in bootloader shim allows attackers to run code each time devices boot up.

Critical vulnerability affecting most Linux distros allows for bootkits

Security @lemmy.ml BlanK0 @lemmy.ml 10 mo. ago

Critical vulnerability affecting most Linux distros allows for bootkits

arstechnica.com /

You're viewing a single thread.

28 comments

I wonder if Matt calculated CVSS score before calling this vulnerability "critical".
- It’s the last sentence of the article - 9.8/10. In this case it’s probably called critical because of the potential consequences of the exploit being a full machine takeover, not the likeliness of the exploit being used.
  
  It means that CVSS is calculated wrong. It can't be so big because default configuration is not affected and attacker requires admin access to change it.
  
  Admin or physical access.
  
  I mean take a look at the report. Still not sure how it’s “wrong”.
  
  https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-40547&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST

You've viewed 28 comments.