rpm package
almalinux/shim-ia32
pkg:rpm/almalinux/shim-ia32
Vulnerabilities (21)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-40551 | — | < 15.8-4.el8_9.alma.1 | 15.8-4.el8_9.alma.1 | Jan 29, 2024 | A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase. | ||
| CVE-2023-40546 | — | < 15.8-4.el8_9.alma.1 | 15.8-4.el8_9.alma.1 | Jan 29, 2024 | A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, | ||
| CVE-2023-40549 | — | < 15.8-4.el8_9.alma.1 | 15.8-4.el8_9.alma.1 | Jan 29, 2024 | An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service. | ||
| CVE-2023-40550 | — | < 15.8-4.el8_9.alma.1 | 15.8-4.el8_9.alma.1 | Jan 29, 2024 | An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase. | ||
| CVE-2023-40548 | — | < 15.8-4.el8_9.alma.1 | 15.8-4.el8_9.alma.1 | Jan 29, 2024 | A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer | ||
| CVE-2023-40547 | — | < 15.8-4.el8_9.alma.1 | 15.8-4.el8_9.alma.1 | Jan 25, 2024 | A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitiv | ||
| CVE-2022-28737 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 20, 2023 | There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memo | ||
| CVE-2022-28736 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 20, 2023 | There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerabili | ||
| CVE-2022-28735 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 20, 2023 | The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. | ||
| CVE-2022-28734 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 20, 2023 | Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buf | ||
| CVE-2022-28733 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 20, 2023 | Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number whi | ||
| CVE-2021-3697 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 6, 2022 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. | ||
| CVE-2021-3696 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 6, 2022 | A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and | ||
| CVE-2021-3695 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 6, 2022 | A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be expl | ||
| CVE-2021-20233 | — | < 15.4-2.el8_1.alma | 15.4-2.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to c | ||
| CVE-2021-20225 | — | < 15.4-2.el8_1.alma | 15.4-2.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data con | ||
| CVE-2020-25632 | — | < 15.4-2.el8_1.alma | 15.4-2.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed | ||
| CVE-2020-25647 | — | < 15.4-2.el8_1.alma | 15.4-2.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrar | ||
| CVE-2020-14372 | — | < 15.4-2.el8_1.alma | 15.4-2.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the L | ||
| CVE-2020-27749 | — | < 15.4-2.el8_1.alma | 15.4-2.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a c |
- CVE-2023-40551Jan 29, 2024affected < 15.8-4.el8_9.alma.1fixed 15.8-4.el8_9.alma.1
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
- CVE-2023-40546Jan 29, 2024affected < 15.8-4.el8_9.alma.1fixed 15.8-4.el8_9.alma.1
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it,
- CVE-2023-40549Jan 29, 2024affected < 15.8-4.el8_9.alma.1fixed 15.8-4.el8_9.alma.1
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
- CVE-2023-40550Jan 29, 2024affected < 15.8-4.el8_9.alma.1fixed 15.8-4.el8_9.alma.1
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
- CVE-2023-40548Jan 29, 2024affected < 15.8-4.el8_9.alma.1fixed 15.8-4.el8_9.alma.1
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer
- CVE-2023-40547Jan 25, 2024affected < 15.8-4.el8_9.alma.1fixed 15.8-4.el8_9.alma.1
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitiv
- CVE-2022-28737Jul 20, 2023affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memo
- CVE-2022-28736Jul 20, 2023affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerabili
- CVE-2022-28735Jul 20, 2023affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
- CVE-2022-28734Jul 20, 2023affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buf
- CVE-2022-28733Jul 20, 2023affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number whi
- CVE-2021-3697Jul 6, 2022affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload.
- CVE-2021-3696Jul 6, 2022affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and
- CVE-2021-3695Jul 6, 2022affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be expl
- CVE-2021-20233Mar 3, 2021affected < 15.4-2.el8_1.almafixed 15.4-2.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to c
- CVE-2021-20225Mar 3, 2021affected < 15.4-2.el8_1.almafixed 15.4-2.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data con
- CVE-2020-25632Mar 3, 2021affected < 15.4-2.el8_1.almafixed 15.4-2.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed
- CVE-2020-25647Mar 3, 2021affected < 15.4-2.el8_1.almafixed 15.4-2.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrar
- CVE-2020-14372Mar 3, 2021affected < 15.4-2.el8_1.almafixed 15.4-2.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the L
- CVE-2020-27749Mar 3, 2021affected < 15.4-2.el8_1.almafixed 15.4-2.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a c
Page 1 of 2