Red Hat Shim
Recent Red Hat Shim Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2024:1959 | (RHSA-2024:1959) Important: shim security update | April 23, 2024 |
| RHSA-2024:1903 | (RHSA-2024:1903) Important: shim bug fix update | April 18, 2024 |
| RHSA-2024:1902 | (RHSA-2024:1902) Important: shim security update | April 18, 2024 |
| RHSA-2024:1883 | (RHSA-2024:1883) Important: shim security update | April 18, 2024 |
| RHSA-2024:1876 | (RHSA-2024:1876) Important: shim bug fix update | April 18, 2024 |
| RHSA-2024:1873 | (RHSA-2024:1873) Important: shim security update | April 18, 2024 |
| RHSA-2024:1835 | (RHSA-2024:1835) Important: shim security update | April 16, 2024 |
| RHSA-2024:1834 | (RHSA-2024:1834) Important: shim security update | April 16, 2024 |
| RHSA-2022:5099 | (RHSA-2022:5099) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update | June 16, 2022 |
| RHSA-2022:5100 | (RHSA-2022:5100) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update | June 16, 2022 |
By the Year
In 2024 there have been 6 vulnerabilities in Red Hat Shim with an average score of 6.2 out of ten. Last year Shim had 1 security vulnerability published. That is, 5 more vulnerabilities have already been reported in 2024 as compared to last year. Last year, the average CVE base score was greater by 1.58
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 6 | 6.22 |
| 2023 | 1 | 7.80 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Shim vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Shim Security Vulnerabilities
A flaw was found in the MZ binary format in Shim
CVE-2023-40551
5.1 - Medium
- January 29, 2024
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
Out-of-bounds Read
A flaw was found in Shim when an error happened while creating a new ESL variable
CVE-2023-40546
5.5 - Medium
- January 29, 2024
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
NULL Pointer Dereference
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information
CVE-2023-40550
5.5 - Medium
- January 29, 2024
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
Out-of-bounds Read
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary
CVE-2023-40549
5.5 - Medium
- January 29, 2024
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
Out-of-bounds Read
A buffer overflow was found in Shim in the 32-bit system
CVE-2023-40548
7.4 - High
- January 29, 2024
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
Memory Corruption
A remote code execution vulnerability was found in Shim
CVE-2023-40547
8.3 - High
- January 25, 2024
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
Out-of-bounds Read
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field
CVE-2022-28737
7.8 - High
- July 20, 2023
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
Memory Corruption
Unspecified vulnerability in Shim might
CVE-2014-3677
- October 22, 2014
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
Shim allows remote attackers to cause a denial of service (out-of-bounds read)
CVE-2014-3675
- October 22, 2014
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
Out-of-bounds Read
Heap-based buffer overflow in Shim
CVE-2014-3676
- October 22, 2014
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Shim or by Red Hat? Click the Watch button to subscribe.
