RHSA-2021:1734MediumCVSS 7.6
Red Hat Security Advisory: shim security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2020-14372 — grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled CVE-2020-25632 — grub2: Use-after-free in rmmod command CVE-2020-25647 — grub2: Out-of-bounds write in grub_usb_device_initialize() CVE-2020-27749 — grub2: Stack buffer overflow in grub_parser_split_cmdline() CVE-2020-27779 — grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled CVE-2021-20225 — grub2: Heap out-of-bounds write in short form option parser CVE-2021-20233 — grub2: Heap out-of-bounds write due to miscalculation of space required for quoting
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2021:1734
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-003
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1873150
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1879577
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1886936
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1899966
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1900698
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1924696
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1926263
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1734.json