shim-15.8-4.el8_9.ML.1

エラータID: AXSA:2024-7744:01

Release date: 
Wednesday, May 22, 2024 - 15:07
Subject: 
shim-15.8-4.el8_9.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The shim package contains a first-stage UEFI boot loader that handles chaining
to a trusted full boot loader under secure boot environments.

Security Fix(es):

* shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547)
* shim: Interger overflow leads to heap buffer overflow in verify_sbat_section
on 32-bits systems (CVE-2023-40548)
* shim: Out-of-bounds read printing error messages (CVE-2023-40546)
* shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file
(CVE-2023-40549)
* shim: Out-of-bound read in verify_buffer_sbat() (CVE-2023-40550)
* shim: out of bounds read when parsing MZ binaries (CVE-2023-40551)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-40546
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
CVE-2023-40547
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
CVE-2023-40548
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
CVE-2023-40549
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
CVE-2023-40550
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
CVE-2023-40551
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.

Solution: 

Update packages.

CVEs: 
CVE-2023-40546
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
CVE-2023-40547
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
CVE-2023-40548
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
CVE-2023-40549
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
CVE-2023-40550
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
CVE-2023-40551
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
Additional Info: 

N/A

Download: 

SRPMS
  1. shim-15.8-4.el8_9.ML.1.src.rpm
    MD5: 98c4402b1d24de02248aa6e2db36e630
    SHA-256: 54bc245779c0dbe3c3038ed27d1d45254ea35884bf3e3109041b23f6021896c2
    Size: 1.38 MB

Asianux Server 8 for x86_64
  1. shim-ia32-15.8-4.el8_9.ML.1.x86_64.rpm
    MD5: 52679df9853fe9704ee29230a2c1afb3
    SHA-256: a813348f97aee3f6fe3028db213999eea01171e24d9f1425b1443e234d59113c
    Size: 789.45 kB
  2. shim-x64-15.8-4.el8_9.ML.1.x86_64.rpm
    MD5: 624eb38620624182a80053113897eb7b
    SHA-256: 8231fa7f4fe0b0d20ceca560dae3f37ffca4926859653876e1bb4c07dbdad9eb
    Size: 456.51 kB