Posted March 6

Red Hat: CVE-2023-40548: shim: Integer overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems (Multiple Advisories)

Severity: 5
CVSS: (AV:L/AC:H/Au:N/C:P/I:P/A:C)
Published: 01/29/2024
Created: 04/17/2024
Added: 04/17/2024
Modified: 09/03/2024

Description

A buffer overflow was found in Shim on 32-bit systems. The overflow is caused by an addition operation involving a user-controlled value parsed from the PE binary that Shim is processing. The result is then used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.

Solution(s)

redhat-upgrade-mokutil
redhat-upgrade-mokutil-debuginfo
redhat-upgrade-shim-ia32
redhat-upgrade-shim-unsigned-ia32
redhat-upgrade-shim-unsigned-x64
redhat-upgrade-shim-x64

References

CVE-2023-40548
RHSA-2024:1835
RHSA-2024:1876
RHSA-2024:1883
RHSA-2024:1902
RHSA-2024:1903
RHSA-2024:1959
RHSA-2024:2086
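The arithmetic pattern the description refers to, shown as an added example that is not shim's code and not part of the original advisory. It models 32-bit size arithmetic with `uint32_t` so the wraparound is visible on any host; the `+ 1` addend, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for size_t on a 32-bit build. */
typedef uint32_t size32_t;

/* Unchecked form: a size taken from the file plus a constant.
 * With section_size == UINT32_MAX the sum wraps to 0, so the
 * allocation is far smaller than the data later written into it. */
static size32_t alloc_size_unchecked(size32_t section_size)
{
    return section_size + 1u;
}

/* Checked form: report failure instead of returning a wrapped sum. */
static bool alloc_size_checked(size32_t section_size, size32_t *out)
{
    return !__builtin_add_overflow(section_size, (size32_t)1, out);
}

/* Hardened copy: rejects a claimed size larger than the bytes actually
 * available and any size whose allocation length would wrap.
 * Returns a NUL-terminated copy, or NULL when the input is rejected. */
char *copy_section_checked(const uint8_t *data, size32_t section_size,
                           size32_t avail)
{
    size32_t n;
    if (data == NULL || section_size > avail)
        return NULL;
    if (!alloc_size_checked(section_size, &n))
        return NULL;
    char *buf = malloc(n);
    if (buf == NULL)
        return NULL;
    memcpy(buf, data, section_size);
    buf[section_size] = '\0';
    return buf;
}

int main(void)
{
    const uint8_t sample[] = {'s', 'b', 'a', 't', ',', '1'}; /* constructed */
    char *ok = copy_section_checked(sample, 6, sizeof sample);
    printf("unchecked(UINT32_MAX) = %u\n", alloc_size_unchecked(UINT32_MAX));
    printf("checked copy: %s\n", ok ? ok : "(rejected)");
    free(ok);
    return 0;
}
```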