Published: 20 July 2023
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables. The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bounds writes into memory. Arbitrary code execution cannot be ruled out in such a scenario.
This is fixed in 15.7-0ubuntu1, which is currently in the -updates pocket of focal, jammy, and kinetic.
keys not updated on ESM releases as doing so would revoke install media keys
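A bounds-checked section copy of the kind a PE loader needs against the overflow described above, as an added example (not shim's code and not the actual fix). The simplified `struct section` and the names `in_bounds` and `load_section` are hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified PE section header: only the fields this check needs (hypothetical layout). */
struct section {
    uint32_t virtual_size;        /* bytes the section occupies in memory */
    uint32_t virtual_address;     /* offset of the section inside the image */
    uint32_t size_of_raw_data;    /* bytes present in the file (attacker-controlled) */
    uint32_t pointer_to_raw_data; /* offset of those bytes inside the file */
};

/* Return 1 if [off, off+len) lies inside `total` bytes; 64-bit math avoids wraparound. */
static int in_bounds(uint64_t off, uint64_t len, uint64_t total)
{
    return off <= total && len <= total - off;
}

/* Copy one section into the image. Returns 0 on success, -1 on a malformed header. */
int load_section(uint8_t *image, size_t image_size,
                 const uint8_t *file, size_t file_size,
                 const struct section *s)
{
    /* Never write more than the section occupies in memory, whatever the file claims. */
    uint32_t n = s->size_of_raw_data < s->virtual_size
               ? s->size_of_raw_data : s->virtual_size;

    if (!in_bounds(s->virtual_address, s->virtual_size, image_size))
        return -1;                /* destination range leaves the image buffer */
    if (!in_bounds(s->pointer_to_raw_data, s->size_of_raw_data, file_size))
        return -1;                /* source range leaves the file buffer */

    memcpy(image + s->virtual_address, file + s->pointer_to_raw_data, n);
    /* Zero the tail when the raw data is shorter than the in-memory size. */
    memset(image + s->virtual_address + n, 0, s->virtual_size - n);
    return 0;
}

int main(void)
{
    /* Constructed input: SizeOfRawData (32) larger than VirtualSize (16). */
    uint8_t image[64] = {0}, file[64] = {0};
    struct section s = { 16, 8, 32, 0 };
    return load_section(image, sizeof image, file, sizeof file, &s);
}
```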