Lucene search

K
redhatRedHatRHSA-2024:1835
HistoryApr 16, 2024 - 1:34 p.m.

(RHSA-2024:1835) Important: shim security update

2024-04-1613:34:49
CWE-346->CWE-787
access.redhat.com
24
shim package
uefi boot loader
secure boot
rce
integer overflow
heap buffer overflow
out-of-bounds read
cve-2023-40547
cve-2023-40548
cve-2023-40546
cve-2023-40549
cve-2023-40550
cve-2023-40551
mz binaries

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.006

Percentile

79.6%

The shim package contains a first stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

Security Fix(es):

  • shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547)

  • shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems (CVE-2023-40548)

  • shim: Out-of-bounds read printing error messages (CVE-2023-40546)

  • shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file (CVE-2023-40549)

  • shim: Out-of-bound read in verify_buffer_sbat() (CVE-2023-40550)

  • shim: out of bounds read when parsing MZ binaries (CVE-2023-40551)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Vulners
Node
redhatshimRange≤15.8-3.el7
OR
redhatshimRange≤15.8-1.el7
OR
redhatshimRange≤15.8-4.el8_9
OR
redhatshimRange≤15.8-2.el8_2
OR
redhatshimRange≤15.8-2.el8_4
OR
redhatshimRange≤15.8-2.el8_6
OR
redhatshimRange≤15.8-2.el8
OR
redhatshimRange≤15.8-2.el8
OR
redhatshimRange≤15.8-4.el9_3
OR
redhatshimRange≤15.8-3.el9
OR
redhatshimRange≤15.8-2.el9
OR
redhatshimRange≤15.8-2.el9
OR
redhatshimRange≤15.8-3.el9_2
AND
redhatenterprise_linuxMatch7
OR
redhatenterprise_linuxMatch8
OR
redhatenterprise_linuxMatch9
VendorProductVersionCPE
redhatshim*cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*
redhatenterprise_linux7cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
redhatenterprise_linux8cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
redhatenterprise_linux9cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.006

Percentile

79.6%