
CVSS: 8.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase; an attacker needs to perform a Man-in-the-Middle attack or compromise the boot server to exploit this vulnerability successfully.

• http://www.openwall.com/lists/oss-security/2024/01/26/1
• https://access.redhat.com/errata/RHSA-2024:1834
• https://access.redhat.com/errata/RHSA-2024:1835
• https://access.redhat.com/errata/RHSA-2024:1873
• https://access.redhat.com/errata/RHSA-2024:1876
• https://access.redhat.com/errata/RHSA-2024:1883
• https://access.redhat.com/errata/RHSA-2024:1902
• https://access.redhat.com/errata/RHSA-2024:1903
• https://access.redhat.com/errata/RHSA-2024:1959
• https://access.redhat.com&

• CWE-346: Origin Validation Error
• CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables. The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bounds writes into memory. Arbitrary code execution cannot be ruled out in such a scenario. A flaw was found in shim during the handling of EFI executables. A crafted EFI image can lead to an overflow in shim.

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737
• https://www.openwall.com/lists/oss-security/2022/06/07/5
• https://access.redhat.com/security/cve/CVE-2022-28737
• https://bugzilla.redhat.com/show_bug.cgi?id=2090899

• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-787: Out-of-bounds Write

CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors.

• http://www.ubuntu.com/usn/USN-2392-1
• https://github.com/desrt/systemd-shim/commit/d2e91c118f6128875274a638007702d1cc665893