SUSE update for shim

1) Out-of-bounds write

EUVDB-ID: #VU64067

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28737

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a boundary error in the handle_image() function when shim tries to load and execute crafted EFI executables. A local privileged user can trigger an out-of-bounds write error and bypass secure boot protection mechanism.

Mitigation

Update the affected package shim to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP1 - SP2

SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP1 - SP2

SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1

SUSE Enterprise Storage: 7.1

SUSE CaaS Platform: 4.0

shim-debuginfo: before 15.7-150100.3.35.1

shim-debugsource: before 15.7-150100.3.35.1

shim: before 15.7-150100.3.35.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232086-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.