Updated: 2024-12-12 01:08:10.923294
Description:
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | HIGH | 7.4 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | shim | 15 | 7.4 | HIGH | Already Fixed | 2025-04-17 03:53:39 | ||
| CentOS 7 ELS | shim | 15 | 7.4 | HIGH | Released | CLSA-2024:1721204645 | 2024-08-20 12:23:59 | |
| CentOS 8.4 ELS | shim | 15-15 | 7.4 | HIGH | Released | CLSA-2024:1711036007 | 2024-03-21 14:09:50 | |
| CentOS 8.5 ELS | shim | 15-15 | 7.4 | HIGH | Released | CLSA-2024:1711036383 | 2024-03-21 14:09:49 | |
| CentOS Stream 8 ELS | shim | 15 | 7.4 | HIGH | Released | CLSA-2024:1724271309 | 2024-08-21 17:34:14 |