I covered a fascinating post by Alexander Moch at ERNW about a boot-level Linux vulnerability that lets attackers inject code from the initramfs debug shell. Even with Secure Boot and encryption, a few key presses can drop you to a shell and allow persistent malware to be added.
Luckily, the fix is simple and involves kernel parameters. I break it down here:
https://nerds.xyz/2025/07/linux-initramfs-security-flaw-secure-boot-bypass/
Curious what others are doing to harden this layer.