Vulnerabilities > CVE-2022-28737 - Out-of-bounds Write vulnerability in Redhat Shim

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

redhat

CWE-787

NVD

Published: 2023-07-20

Updated: 2023-07-28

Summary

There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Shim - Redhat Shim 0.3 Redhat Shim 0.4 Redhat Shim 0.5 Redhat Shim 0.7 Redhat Shim 0.8 Redhat Shim 0.9 Redhat Shim 1.0.4 Redhat Shim 1.0.5 Redhat Shim 1.0.6 Redhat Shim 1.0.7 Redhat Shim 1.0.8 Redhat Shim 1.0.9 Redhat Shim 1.1.0 Redhat Shim 1.1.1 Redhat Shim 10 Redhat Shim 11 Redhat Shim 12 Redhat Shim 13 Redhat Shim 14 Redhat Shim 15 Redhat Shim 15.1 Redhat Shim 15.2 Redhat Shim 15.3 Redhat Shim 15.4	29

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References