(RHSA-2024:2086) Important: shim security update

2024-04-2901:07:52

access.redhat.com

uefi boot loader

security update

secure boot bypass

rce

integer overflow

heap buffer overflow

out-of-bounds read

malformed pe file

cvss score

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.025

Percentile

90.2%

JSON

The shim package contains a first-stage UEFI boot loader that handles chaining
to a trusted full boot loader under secure boot environments.

Security Fix(es):

shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547)
shim: Interger overflow leads to heap buffer overflow in verify_sbat_section
on 32-bits systems (CVE-2023-40548)
shim: Out-of-bounds read printing error messages (CVE-2023-40546)
shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file
(CVE-2023-40549)
shim: Out-of-bound read in verify_buffer_sbat() (CVE-2023-40550)
shim: out of bounds read when parsing MZ binaries (CVE-2023-40551)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64shim-x64< 15.8-2.el8_6shim-x64-15.8-2.el8_6.x86_64.rpm
RedHat8aarch64shim-aa64< 15.8-2.el8_6shim-aa64-15.8-2.el8_6.aarch64.rpm
RedHat8x86_64shim-ia32< 15.8-2.el8_6shim-ia32-15.8-2.el8_6.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	x86_64	shim-x64	< 15.8-2.el8_6	shim-x64-15.8-2.el8_6.x86_64.rpm
RedHat	8	aarch64	shim-aa64	< 15.8-2.el8_6	shim-aa64-15.8-2.el8_6.aarch64.rpm
RedHat	8	x86_64	shim-ia32	< 15.8-2.el8_6	shim-ia32-15.8-2.el8_6.x86_64.rpm