It's bad enough that current computers do EXACTLY what they're told, whether it's what you meant or not. Now we're going to have to deal with computers doing whatever the hell they want.

No, tt's not firmware, but it's "close". The bug allows for the installation of a bootkit when one would otherwise be prevented by Secure Boot and related firmware-based protection mechanisms. On Linux systems with Secure Boot enabled, they need to use shim.efi to allow them to boot. shim.efi is signed by Microsoft and is capable of loading a next-stage boot loader, signed or otherwise, dependent on configuration.

This bug impacts shim.efi's HTTP handling when dealing with network booting situations, which impacts a vanishingly small percentage of home/personal users, but may have some impacts in corporate environments. But it requies a MITM presence on the network or some other way of controlling the HTTP traffic going to the target machine.

Someone should start a GoFundMe to send a few of the most prominent flat earth "researchers" on a trip up to convince them to stop wasting their time.