Описание
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 15.7-0ubuntu1 |
| esm-infra-legacy/trusty | ignored | install media keys will never be revoked |
| esm-infra/bionic | pending | 15.7-0ubuntu1 |
| esm-infra/focal | released | 15.7-0ubuntu1 |
| esm-infra/xenial | ignored | install media keys will never be revoked |
| focal | released | 15.7-0ubuntu1 |
| impish | ignored | end of life |
| jammy | released | 15.7-0ubuntu1 |
| kinetic | ignored | end of life, was needed |
Показывать по
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
There's a possible overflow in handle_image() when shim tries to load ...
EPSS
6.5 Medium
CVSS3