Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update: shim #1344

Closed
dongsupark opened this issue Feb 7, 2024 · 1 comment
Closed

update: shim #1344

dongsupark opened this issue Feb 7, 2024 · 1 comment
Labels
advisory security advisory cvss/CRITICAL >= 9 assessed CVSS security security concerns

Comments

@dongsupark
Copy link
Member

Name: shim
CVEs: CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551
CVSSs: 5.5, 9.8, 7.4, 5.5, 5.5, 7.1
Action Needed: update to >= 15.8

Summary:

  • CVE-2023-40546: A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
  • CVE-2023-40547: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise.
  • CVE-2023-40548: A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
  • CVE-2023-40549: An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
  • CVE-2023-40550: An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
  • CVE-2023-40551: A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.

refmap.gentoo: https://bugs.gentoo.org/922931
@dongsupark dongsupark added security security concerns advisory security advisory cvss/CRITICAL >= 9 assessed CVSS labels Feb 7, 2024
@github-actions github-actions bot mentioned this issue Feb 22, 2024
Closed
@pothos pothos mentioned this issue Feb 26, 2024
Merged
2 tasks
@sayanchowdhury
Copy link
Member

Updated to 15.8 in flatcar/scripts#1589. Closing the issue.

@github-actions github-actions bot mentioned this issue Mar 22, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
advisory security advisory cvss/CRITICAL >= 9 assessed CVSS security security concerns
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sayanchowdhury @dongsupark