CVE-2023-40547 – Shim: RCE in HTTP boot support may lead to Secure Boot bypass
https://notcve.org/view.php?id=CVE-2023-40547
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase; an attacker needs to perform a Man-in-the-Middle attack or compromise the boot server to exploit this vulnerability successfully.
• http://www.openwall.com/lists/oss-security/2024/01/26/1 https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com&
• CWE-346: Origin Validation Error; CWE-787: Out-of-bounds Write
CVE-2022-28737 – There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
https://notcve.org/view.php?id=CVE-2022-28737
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables. The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bounds writes into memory. Arbitrary code execution cannot be ruled out in such a scenario. A flaw was found in shim during the handling of EFI executables. A crafted EFI image can lead to an overflow in shim.
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737 https://www.openwall.com/lists/oss-security/2022/06/07/5 https://access.redhat.com/security/cve/CVE-2022-28737 https://bugzilla.redhat.com/show_bug.cgi?id=2090899
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-787: Out-of-bounds Write
CVE-2014-3677 – shim: memory corruption flaw when processing Machine Owner Keys (MOKs)
https://notcve.org/view.php?id=CVE-2014-3677
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption. An out-of-bounds memory write flaw was found in the way shim processed certain Machine Owner Keys (MOKs). A local attacker could potentially use this flaw to execute arbitrary code on the system.
• http://rhn.redhat.com/errata/RHSA-2014-1801.html http://www.openwall.com/lists/oss-security/2014/10/13/4 http://www.securityfocus.com/bid/70410 https://exchange.xforce.ibmcloud.com/vulnerabilities/96989 https://access.redhat.com/security/cve/CVE-2014-3677 https://bugzilla.redhat.com/show_bug.cgi?id=1148232
• CWE-787: Out-of-bounds Write
CVE-2014-3676 – shim: heap-based buffer overflow flaw in IPv6 address parsing
https://notcve.org/view.php?id=CVE-2014-3676
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option." A heap-based buffer overflow flaw was found in the way shim parsed certain IPv6 addresses. If IPv6 network booting was enabled, a malicious server could supply a crafted IPv6 address that would cause shim to crash or, potentially, execute arbitrary code.
• http://rhn.redhat.com/errata/RHSA-2014-1801.html http://www.openwall.com/lists/oss-security/2014/10/13/4 http://www.securityfocus.com/bid/70409 https://exchange.xforce.ibmcloud.com/vulnerabilities/96988 https://access.redhat.com/security/cve/CVE-2014-3676 https://bugzilla.redhat.com/show_bug.cgi?id=1148231
• CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write
CVE-2014-3675 – shim: out-of-bounds memory read flaw in DHCPv6 packet processing
https://notcve.org/view.php?id=CVE-2014-3675
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. An out-of-bounds memory read flaw was found in the way shim parsed certain IPv6 packets. A specially crafted DHCPv6 packet could possibly cause shim to crash, preventing the system from booting if IPv6 booting was enabled.
• http://rhn.redhat.com/errata/RHSA-2014-1801.html http://www.openwall.com/lists/oss-security/2014/10/13/4 http://www.securityfocus.com/bid/70407 https://exchange.xforce.ibmcloud.com/vulnerabilities/96981 https://access.redhat.com/security/cve/CVE-2014-3675 https://bugzilla.redhat.com/show_bug.cgi?id=1148230
• CWE-125: Out-of-bounds Read