Red Hat Shim 15.4

CPE Details

Red Hat Shim 15.4
redhat
shim
15.4
2021-04-06
11h53 +00:00
2021-04-21
13h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:shim:15.4:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

shim

Version

15.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-40551 2024-01-29 16h46 +00:00 A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
5.1
Medium
CVE-2023-40546 2024-01-29 16h29 +00:00 A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
6.2
Medium
CVE-2023-40549 2024-01-29 16h29 +00:00 An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
6.2
Medium
CVE-2023-40550 2024-01-29 16h29 +00:00 An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
5.5
Medium
CVE-2023-40548 2024-01-29 14h53 +00:00 A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
7.4
High
CVE-2023-40547 2024-01-25 15h54 +00:00 A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
8.3
High
CVE-2022-28737 2023-07-20 00h26 +00:00 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
7.8
High