CVE Tools
Back to feed
The Hacker News ·EN News source AdvisoryUEFI Shim BootloaderSecure Boot

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

By The Hacker News··5 min read
CVE Tools coverage

Researchers have identified 11 outdated, Microsoft-signed UEFI applications that could be exploited to bypass Secure Boot protections on modern systems. These vulnerabilities affect various Linux distributions and bootloaders from vendors including Red Hat, Oracle, and OpenSUSE. Attackers could leverage these flaws to execute arbitrary code during system startup, potentially deploying persistent malware like UEFI bootkits. The issues were addressed in Microsoft's June 2026 Patch Tuesday update and are tracked under CVE-2026-8863 and CVE-2026-10797.