CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2022-34303 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34303
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Se ha encontrado un fallo en los cargadores de arranque de Eurosoft versiones anteriores a 01-06-2022. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34303 https://bugzilla.redhat.com/show_bug.cgi?id=2120701 • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2022-34301 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34301
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Se ha encontrado un fallo en los cargadores de arranque de CryptoPro Secure Disk versiones anteriores a 01-06-2022. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34301 https://bugzilla.redhat.com/show_bug.cgi?id=2120699 • CWE-494: Download of Code Without Integrity Check •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-0171
https://notcve.org/view.php?id=CVE-2022-0171
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). Se ha encontrado un fallo en el kernel de Linux. La API existente de KVM SEV presenta una vulnerabilidad que permite que una aplicación a nivel de usuario no root (anfitrión) bloquee el kernel del anfitrión al crear una instancia de VM de invitado confidencial en la CPU de AMD que admite la virtualización cifrada segura (SEV). • https://access.redhat.com/security/cve/CVE-2022-0171 https://bugzilla.redhat.com/show_bug.cgi?id=2038940 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.debian.org/security/2022/dsa-5257 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-459: Incomplete Cleanup •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2022-34302 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34302
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Se ha encontrado un fallo en los cargadores de arranque de New Horizon Datasys versiones anteriores a 01-06-2022. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34302 https://bugzilla.redhat.com/show_bug.cgi?id=2120687 • CWE-494: Download of Code Without Integrity Check •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1CVE-2021-35939 – rpm: checks for unsafe symlinks are not performed for intermediary directories
https://notcve.org/view.php?id=CVE-2021-35939
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha detectado que la corrección de CVE-2017-7500 y CVE-2017-7501 era incompleta: la comprobación sólo es implementada para el directorio padre del archivo que iba a crearse. Un usuario local no privilegiado que posea otro directorio antecesor podría usar este fallo para conseguir privilegios de root. • https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556 https://github.com/rpm-software-management/rpm/pull/1919 https://rpm.org/wiki/Releases/4.18.0 https://security.gentoo.org/glsa/202210-22 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •