Описание
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
A flaw was found in shim during the handling of EFI executables. A crafted EFI image can lead to an overflow in shim. This flaw allows an attacker to perform an out-of-bounds write in memory. A successful attack can lead to data integrity, confidentiality issues, and arbitrary code execution.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | shim | Affected | ||
| Red Hat Enterprise Linux 8 | shim | Fixed | RHSA-2022:5095 | 16.06.2022 |
| Red Hat Enterprise Linux 8 | shim-unsigned-x64 | Fixed | RHSA-2022:5095 | 16.06.2022 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | shim | Fixed | RHSA-2022:5098 | 16.06.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | shim | Fixed | RHSA-2022:5100 | 16.06.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | shim-unsigned-x64 | Fixed | RHSA-2022:5100 | 16.06.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | shim | Fixed | RHSA-2022:5096 | 16.06.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | shim-unsigned-x64 | Fixed | RHSA-2022:5096 | 16.06.2022 |
| Red Hat Enterprise Linux 9 | shim | Fixed | RHSA-2022:5099 | 16.06.2022 |
| Red Hat Enterprise Linux 9 | shim-unsigned-x64 | Fixed | RHSA-2022:5099 | 16.06.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
Связанные уязвимости
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
There's a possible overflow in handle_image() when shim tries to load ...
EPSS
7.3 High
CVSS3