Search CVE reports
1 – 10 of 12 results
Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot...
3 affected packages
secureboot-db, shim-signed, shim
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| secureboot-db | Not affected | Not affected | Not affected | Not affected |
| shim-signed | Not affected | Not affected | Not affected | Not affected |
| shim | Not affected | Not affected | Not affected | Not affected |
Some fixes available 12 of 23
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
3 affected packages
shim-signed, shim, secureboot-db
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| shim-signed | Fixed | Fixed | Fixed | Needs evaluation |
| shim | Fixed | Fixed | Fixed | Needs evaluation |
| secureboot-db | Not affected | Not affected | Not affected | Not affected |
Some fixes available 12 of 23
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
3 affected packages
shim-signed, shim, secureboot-db
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| shim-signed | Fixed | Fixed | Fixed | Needs evaluation |
| shim | Fixed | Fixed | Fixed | Needs evaluation |
| secureboot-db | Not affected | Not affected | Not affected | Not affected |
Some fixes available 12 of 23
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim,...
3 affected packages
shim-signed, shim, secureboot-db
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| shim-signed | Fixed | Fixed | Fixed | Needs evaluation |
| shim | Fixed | Fixed | Fixed | Needs evaluation |
| secureboot-db | Not affected | Not affected | Not affected | Not affected |
Some fixes available 12 of 23
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory...
3 affected packages
shim-signed, shim, secureboot-db
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| shim-signed | Fixed | Fixed | Fixed | Needs evaluation |
| shim | Fixed | Fixed | Fixed | Needs evaluation |
| secureboot-db | Not affected | Not affected | Not affected | Not affected |
Some fixes available 12 of 23
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a...
3 affected packages
shim-signed, shim, secureboot-db
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| shim-signed | Fixed | Fixed | Fixed | Needs evaluation |
| shim | Fixed | Fixed | Fixed | Needs evaluation |
| secureboot-db | Not affected | Not affected | Not affected | Not affected |
Some fixes available 12 of 23
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging...
3 affected packages
shim-signed, shim, secureboot-db
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| shim-signed | Fixed | Fixed | Fixed | Needs evaluation |
| shim | Fixed | Fixed | Fixed | Needs evaluation |
| secureboot-db | Not affected | Not affected | Not affected | Not affected |
Some fixes available 2 of 7
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can...
1 affected package
shim
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| shim | Not affected | Fixed | Fixed | Vulnerable |
The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors.
1 affected package
systemd-shim
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| systemd-shim | — | — | — | — |
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
1 affected package
shim
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| shim | — | — | — | — |