Filtered by vendor Redhat
Subscriptions
Filtered by product Shim
Subscriptions
Total
10 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-40551 | 2 Fedoraproject, Redhat | 7 Fedora, Enterprise Linux, Rhel Aus and 4 more | 2024-11-24 | 5.1 Medium |
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase. | ||||
CVE-2023-40550 | 2 Fedoraproject, Redhat | 7 Fedora, Enterprise Linux, Rhel Aus and 4 more | 2024-11-24 | 5.5 Medium |
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase. | ||||
CVE-2023-40549 | 2 Fedoraproject, Redhat | 7 Fedora, Enterprise Linux, Rhel Aus and 4 more | 2024-11-24 | 6.2 Medium |
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service. | ||||
CVE-2023-40548 | 2 Fedoraproject, Redhat | 7 Fedora, Enterprise Linux, Rhel Aus and 4 more | 2024-11-24 | 7.4 High |
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase. | ||||
CVE-2023-40547 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2024-11-24 | 8.3 High |
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully. | ||||
CVE-2023-40546 | 2 Fedoraproject, Redhat | 7 Fedora, Enterprise Linux, Rhel Aus and 4 more | 2024-11-24 | 6.2 Medium |
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances. | ||||
CVE-2022-28737 | 1 Redhat | 4 Enterprise Linux, Rhel E4s, Rhel Eus and 1 more | 2024-11-21 | 6.5 Medium |
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario. | ||||
CVE-2014-3677 | 1 Redhat | 2 Enterprise Linux, Shim | 2024-11-21 | N/A |
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption. | ||||
CVE-2014-3676 | 1 Redhat | 2 Enterprise Linux, Shim | 2024-11-21 | N/A |
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option." | ||||
CVE-2014-3675 | 1 Redhat | 2 Enterprise Linux, Shim | 2024-11-21 | N/A |
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. |
Page 1 of 1.