ALINUX2-SA-2024:0016: shim security update (Important)

Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:

CVE-2023-40546:
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.

CVE-2023-40547:
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.

CVE-2023-40548:
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.

CVE-2023-40549:
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.

CVE-2023-40550:
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.

CVE-2023-40551:
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.

References

CVE-2023-40546SCORE:6.2/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-40547SCORE:8.3/CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2023-40548SCORE:6.2/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CVE-2023-40549SCORE:6.2/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-40550SCORE:5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2023-40551SCORE:5.1/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H

Updated Packages

aarch64
- mokutil-15.8-1.1.al7.aarch64.rpm → (download)
- mokutil-debuginfo-15.8-1.1.al7.aarch64.rpm → (download)
- shim-aa64-15.8-1.1.al7.aarch64.rpm → (download)
x86_64
- mokutil-15.8-1.1.al7.x86_64.rpm → (download)
- mokutil-debuginfo-15.8-1.1.al7.x86_64.rpm → (download)
- shim-ia32-15.8-1.1.al7.x86_64.rpm → (download)
- shim-unsigned-ia32-15.8-3.1.al7.x86_64.rpm → (download)
- shim-unsigned-x64-15.8-3.1.al7.x86_64.rpm → (download)
- shim-x64-15.8-1.1.al7.x86_64.rpm → (download)
src
- shim-15.8-3.1.al7.src.rpm → (download)
- shim-signed-15.8-1.1.al7.src.rpm → (download)
noarch
- shim-unsigned-ia32-debuginfo-15.8-3.1.al7.noarch.rpm → (download)
- shim-unsigned-x64-debuginfo-15.8-3.1.al7.noarch.rpm → (download)

Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2024:0016

Summary

Severity

Description

References

Updated Packages