Lucene search

K
osvGoogleOSV:ALSA-2024:1902
HistoryApr 18, 2024 - 12:00 a.m.

Important: shim security update

2024-04-1800:00:00
Google
osv.dev
16
shim package
uefi boot loader
secure boot
rce
heap buffer overflow
cve-2023-40547
cve-2023-40548
cve-2023-40546
cve-2023-40549
cve-2023-40550
cve-2023-40551

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.006

Percentile

79.6%

The shim package contains a first-stage UEFI boot loader that handles chaining
to a trusted full boot loader under secure boot environments.

Security Fix(es):

  • shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547)
  • shim: Interger overflow leads to heap buffer overflow in verify_sbat_section
    on 32-bits systems (CVE-2023-40548)
  • shim: Out-of-bounds read printing error messages (CVE-2023-40546)
  • shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file
    (CVE-2023-40549)
  • shim: Out-of-bound read in verify_buffer_sbat() (CVE-2023-40550)
  • shim: out of bounds read when parsing MZ binaries (CVE-2023-40551)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.006

Percentile

79.6%