shim-15-8.el7

The shim package contains a first stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

Security Fix(es):

* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)

* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)

* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)

* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)

* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)

* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)

* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)

* grub2: Integer overflow in initrd size handling (CVE-2020-15707)
CVE-2020-10713
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.
CVE-2020-14309
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-14310
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-14311
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-15705
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.