MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
command
Recherche

Secure Boot Bypass Risk Threatens Nearly 200,000 Linux Framework Laptops

mercredi 15 octobre 2025, 03:25 , par Slashdot
Secure Boot Bypass Risk Threatens Nearly 200,000 Linux Framework Laptops
Roughly 200,000 Linux-based Framework laptops shipped with a signed UEFI shell command (mm) that can be abused to bypass Secure Boot protections -- allowing attackers to load persistent bootkits like BlackLotus or HybridPetya. Framework has begun patching affected models, though some fixes and DBX updates are still pending. BleepingComputer reports: According to firmware security company Eclypsium, the problem stems from including a 'memory modify' (mm) command in legitimately signed UEFI shells that Framework shipped with its systems. The command provides direct read/write access to system memory and is intended for low-level diagnostics and firmware debugging. However, it can also be leveraged to break the Secure Boot trust chain by targeting the gSecurity2 variable, a critical component in the process of verifying the signatures of UEFI modules.

The mm command can be abused to overwrite gSecurity2 with NULL, effectively disabling signature verification. 'This command writes zeros to the memory location containing the security handler pointer, effectively disabling signature verification for all subsequent module loads.' The researchers also note that the attack can be automated via startup scripts to persist across reboots.

Read more of this story at Slashdot.
Lire la suite sur Slashdot
https://it.slashdot.org/story/25/10/14/2123205/secure-boot-bypass-risk-threatens-nearly-200000-linux...

Voir aussi

command NordVPN Embraces Open Source By Releasing Its Linux GUI On GitHub Slashdot15 Oct
framework Framework flame war erupts over support of politically polarizing Linux projects TheRegister14 Oct
secure Distribution Release: Linux Mint 7 "LMDE" DistroWatch14 Oct
boot Privacy-focused email provider Fastmail launches desktop app for Windows, macOS, and Linux BetaNews13 Oct
bypass RIP Windows 10 -- Winux 'W10EOL' is the Windows 11 clone that runs on Linux and makes your old PC feel new again BetaNews13 Oct
uefi Framework users complain over its support for far-right firebrand BoingBoing13 Oct
laptops Best Windows Laptops (2025): WIRED-Tested Laptops to Buy Wired: Tech.13 Oct
abused German State of Schlesiwg-Holstein Migrates To FOSS Groupware. Next Up: Linux OS Slashdot12 Oct
gsecurity In bizarre move, Framework embraces deeply extremist views OS News11 Oct
memory Running FreeBSD using Windows Subsystem for Linux OS News10 Oct
firmware Distribution Release: Asmi Linux 25.10 DistroWatch10 Oct
disabling Xubuntu Linux 25.10 released with improved Wayland support and Xfce 4.20 BetaNews10 Oct
effectively [$] Last-minute /boot boost for Fedora 43 LWN.net 9 Oct
security Meta will move React to Linux Foundation to address vendor dominance fears TheRegister 9 Oct
read UK's Central Bank Warns of Growing Risk That AI Bubble Could Burst Slashdot 9 Oct
linux Ubuntu Linux 25.10 'Questing Quokka' arrives with memory-safe system tools and better hardware support BetaNews 9 Oct
windows Unpacking the Microsoft Agent Framework InfoWorld 9 Oct
command React JS library moving from Meta to the Linux Foundation InfoWorld 8 Oct
framework Distribution Release: Exton Linux 251008 "PuppEX" DistroWatch 8 Oct
secure Poor API security practices could put agentic AI deployments at risk BetaNews 8 Oct
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
mer. 15 oct. - 11:51 CEST