(RHSA-2024:1835) Important: shim security update

2024-04-1613:34:49

access.redhat.com

shim package

uefi boot loader

secure boot

rce

integer overflow

heap buffer overflow

out-of-bounds read

cve-2023-40547

cve-2023-40548

cve-2023-40546

cve-2023-40549

cve-2023-40550

cve-2023-40551

mz binaries

7.8 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.3%

JSON

The shim package contains a first stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

Security Fix(es):

shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547)
shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems (CVE-2023-40548)
shim: Out-of-bounds read printing error messages (CVE-2023-40546)
shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file (CVE-2023-40549)
shim: Out-of-bound read in verify_buffer_sbat() (CVE-2023-40550)
shim: out of bounds read when parsing MZ binaries (CVE-2023-40551)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9x86_64shim-x64< 15.8-3.el9shim-x64-15.8-3.el9.x86_64.rpm
RedHat9aarch64shim-aa64< 15.8-3.el9shim-aa64-15.8-3.el9.aarch64.rpm
RedHat9aarch64shim-unsigned-aarch64< 15.8-2.el9shim-unsigned-aarch64-15.8-2.el9.aarch64.rpm
RedHat9x86_64shim-unsigned-x64< 15.8-2.el9shim-unsigned-x64-15.8-2.el9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	x86_64	shim-x64	< 15.8-3.el9	shim-x64-15.8-3.el9.x86_64.rpm
RedHat	9	aarch64	shim-aa64	< 15.8-3.el9	shim-aa64-15.8-3.el9.aarch64.rpm
RedHat	9	aarch64	shim-unsigned-aarch64	< 15.8-2.el9	shim-unsigned-aarch64-15.8-2.el9.aarch64.rpm
RedHat	9	x86_64	shim-unsigned-x64	< 15.8-2.el9	shim-unsigned-x64-15.8-2.el9.x86_64.rpm