rpm package
almalinux/shim-unsigned-x64
pkg:rpm/almalinux/shim-unsigned-x64
Vulnerabilities (15)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-28737 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 20, 2023 | There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memo | ||
| CVE-2022-28736 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 20, 2023 | There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerabili | ||
| CVE-2022-28735 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 20, 2023 | The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. | ||
| CVE-2022-28734 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 20, 2023 | Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buf | ||
| CVE-2022-28733 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 20, 2023 | Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number whi | ||
| CVE-2021-3697 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 6, 2022 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. | ||
| CVE-2021-3696 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 6, 2022 | A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and | ||
| CVE-2021-3695 | — | < 15.6-1.el8.alma | 15.6-1.el8.alma | Jul 6, 2022 | A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be expl | ||
| CVE-2021-20233 | — | < 15.4-4.el8_1.alma | 15.4-4.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to c | ||
| CVE-2021-20225 | — | < 15.4-4.el8_1.alma | 15.4-4.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data con | ||
| CVE-2020-25632 | — | < 15.4-4.el8_1.alma | 15.4-4.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed | ||
| CVE-2020-25647 | — | < 15.4-4.el8_1.alma | 15.4-4.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrar | ||
| CVE-2020-14372 | — | < 15.4-4.el8_1.alma | 15.4-4.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the L | ||
| CVE-2020-27749 | — | < 15.4-4.el8_1.alma | 15.4-4.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a c | ||
| CVE-2020-27779 | — | < 15.4-4.el8_1.alma | 15.4-4.el8_1.alma | Mar 3, 2021 | A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory lay |
- CVE-2022-28737Jul 20, 2023affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memo
- CVE-2022-28736Jul 20, 2023affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerabili
- CVE-2022-28735Jul 20, 2023affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
- CVE-2022-28734Jul 20, 2023affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buf
- CVE-2022-28733Jul 20, 2023affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number whi
- CVE-2021-3697Jul 6, 2022affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload.
- CVE-2021-3696Jul 6, 2022affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and
- CVE-2021-3695Jul 6, 2022affected < 15.6-1.el8.almafixed 15.6-1.el8.alma
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be expl
- CVE-2021-20233Mar 3, 2021affected < 15.4-4.el8_1.almafixed 15.4-4.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to c
- CVE-2021-20225Mar 3, 2021affected < 15.4-4.el8_1.almafixed 15.4-4.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data con
- CVE-2020-25632Mar 3, 2021affected < 15.4-4.el8_1.almafixed 15.4-4.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed
- CVE-2020-25647Mar 3, 2021affected < 15.4-4.el8_1.almafixed 15.4-4.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrar
- CVE-2020-14372Mar 3, 2021affected < 15.4-4.el8_1.almafixed 15.4-4.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the L
- CVE-2020-27749Mar 3, 2021affected < 15.4-4.el8_1.almafixed 15.4-4.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a c
- CVE-2020-27779Mar 3, 2021affected < 15.4-4.el8_1.almafixed 15.4-4.el8_1.alma
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory lay