CVE-2023-40551 – Shim: out of bounds read when parsing mz binaries
https://notcve.org/view.php?id=CVE-2023-40551
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase. Se encontró un fallo en el formato binario MZ en Shim. Es posible que se produzca una lectura fuera de los límites, lo que provocará un bloqueo o una posible exposición de datos confidenciales durante la fase de inicio del sistema. • https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com/errata/RHSA-2024:2086 https://access.redhat.com/security/cve • CWE-125: Out-of-bounds Read •
CVE-2023-40546 – Shim: out-of-bounds read printing error messages
https://notcve.org/view.php?id=CVE-2023-40546
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances. Se encontró un fallo en Shim cuando ocurrió un error al crear una nueva variable ESL. Si Shim no puede crear la nueva variable, intenta imprimir un mensaje de error para el usuario; sin embargo, la cantidad de parámetros utilizados por la función de registro no coincide con la cadena de formato utilizada, lo que provoca un bloqueo en determinadas circunstancias. • https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com/errata/RHSA-2024:2086 https://access.redhat.com/security/cve • CWE-476: NULL Pointer Dereference •
CVE-2023-40549 – Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file
https://notcve.org/view.php?id=CVE-2023-40549
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service. Se encontró un fallo de lectura fuera de los límites en Shim debido a la falta de una verificación de límites adecuada durante la carga de un binario PE. Esta falla permite a un atacante cargar un binario PE manipulado, lo que desencadena el problema y bloquea Shim, lo que resulta en una denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com/errata/RHSA-2024:2086 https://access.redhat.com/security/cve • CWE-125: Out-of-bounds Read •
CVE-2023-40550 – Shim: out-of-bound read in verify_buffer_sbat()
https://notcve.org/view.php?id=CVE-2023-40550
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase. Se encontró un fallo de lectura fuera de los límites en Shim cuando intentó validar la información SBAT. Este problema puede exponer datos confidenciales durante la fase de inicio del sistema. • https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com/errata/RHSA-2024:2086 https://access.redhat.com/security/cve • CWE-125: Out-of-bounds Read •
CVE-2024-0841 – Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function
https://notcve.org/view.php?id=CVE-2024-0841
A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. Se encontró un fallo de desreferencia de puntero null en la función Hugetlbfs_fill_super en la funcionalidad Hugetlbfs (páginas HugeTLB) del kernel de Linux. Este problema puede permitir que un usuario local bloquee el sistema o potencialmente aumente sus privilegios en el sistema. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2024-0841 https://bugzilla.redhat.com/show_bug.cgi?id=2256490 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html • CWE-476: NULL Pointer Dereference •