CVE-2023-40550 affecting package shim-unsigned-x64 for versions less than 15.8-5

CVE-2023-40550 affecting package shim-unsigned-x64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...

CVE-2022-28737 affecting package shim-unsigned-x64 for versions less than 15.8-5

CVE-2022-28737 affecting package shim-unsigned-x64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...

AZL-35253 CVE-2023-40546 affecting package shim for versions less than 15.8-3

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

AZL-35273 CVE-2023-40549 affecting package shim-unsigned-x64 for versions less than 15.8-3

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

AZL-35256 CVE-2023-40549 affecting package shim for versions less than 15.8-3

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

AZL-35255 CVE-2023-40548 affecting package shim for versions less than 15.8-3

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...

AZL-35267 CVE-2023-40547 affecting package shim-unsigned-aarch64 for versions less than 15.8-3

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...

AZL-40833 CVE-2019-14584 affecting package shim-unsigned-aarch64 for versions less than 15.8-3

Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access...