shim-aa64 (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package shim-aa64, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (14)
CVE-2023-40547 — CVSS 8.3 (high): A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP…
CVE-2022-28733 — CVSS 8.1 (high): Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets(…
CVE-2022-28734 — CVSS 8.1 (high): Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal…
CVE-2023-40548 — CVSS 7.4 (high): A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled…
CVE-2021-3697 — CVSS 7.0 (high): A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a…
CVE-2022-28735 — CVSS 6.7 (medium): The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded…
CVE-2022-28737 — CVSS 6.5 (medium): There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function…
CVE-2022-28736 — CVSS 6.4 (medium): There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems…
CVE-2023-40546 — CVSS 6.2 (medium): A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to…
CVE-2023-40549 — CVSS 6.2 (medium): An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw…
CVE-2023-40550 — CVSS 5.5 (medium): An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during…
CVE-2023-40551 — CVSS 5.1 (medium): A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive…
CVE-2021-3696 — CVSS 4.5 (medium): A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap…
CVE-2021-3695 — CVSS 4.5 (medium): A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause…