Synopsis
Moderate: shim security update
Type/Severity
Security Advisory: Moderate
Topic
An update for shim, shim-unsigned-aarch64, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.
Security Fix(es):
- grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)
- grub2: Use-after-free in rmmod command (CVE-2020-25632)
- grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)
- grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)
- grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)
- grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)
- grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux Server - TUS 8.8 x86_64
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64
Fixes
- BZ - 1873150 - CVE-2020-14372 grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled
- BZ - 1879577 - CVE-2020-25632 grub2: Use-after-free in rmmod command
- BZ - 1886936 - CVE-2020-25647 grub2: Out-of-bounds write in grub_usb_device_initialize()
- BZ - 1899966 - CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline()
- BZ - 1900698 - CVE-2020-27779 grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled
- BZ - 1924696 - CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser
- BZ - 1926263 - CVE-2021-20233 grub2: Heap out-of-bounds write due to miscalculation of space required for quoting
Note:
More recent versions of these packages may be available.
Red Hat Enterprise Linux for x86_64 8
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
x86_64
shim-ia32-15.4-2.el8_1.x86_64.rpm | SHA-256: 540fc6f47a51b210369e85517f70aba9e91b84acbc423f0c70f7653d1f357d71
shim-x64-15.4-2.el8_1.x86_64.rpm | SHA-256: c5fb6e950b077770f207e29bb31e408739272058892ba8bf0066a9483575d306
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
x86_64
shim-ia32-15.4-2.el8_1.x86_64.rpm | SHA-256: 540fc6f47a51b210369e85517f70aba9e91b84acbc423f0c70f7653d1f357d71
shim-x64-15.4-2.el8_1.x86_64.rpm | SHA-256: c5fb6e950b077770f207e29bb31e408739272058892ba8bf0066a9483575d306
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
x86_64
shim-ia32-15.4-2.el8_1.x86_64.rpm | SHA-256: 540fc6f47a51b210369e85517f70aba9e91b84acbc423f0c70f7653d1f357d71
shim-x64-15.4-2.el8_1.x86_64.rpm | SHA-256: c5fb6e950b077770f207e29bb31e408739272058892ba8bf0066a9483575d306
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
x86_64
shim-ia32-15.4-2.el8_1.x86_64.rpm | SHA-256: 540fc6f47a51b210369e85517f70aba9e91b84acbc423f0c70f7653d1f357d71
shim-x64-15.4-2.el8_1.x86_64.rpm | SHA-256: c5fb6e950b077770f207e29bb31e408739272058892ba8bf0066a9483575d306
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
x86_64
shim-ia32-15.4-2.el8_1.x86_64.rpm | SHA-256: 540fc6f47a51b210369e85517f70aba9e91b84acbc423f0c70f7653d1f357d71
shim-x64-15.4-2.el8_1.x86_64.rpm | SHA-256: c5fb6e950b077770f207e29bb31e408739272058892ba8bf0066a9483575d306
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
x86_64
shim-ia32-15.4-2.el8_1.x86_64.rpm | SHA-256: 540fc6f47a51b210369e85517f70aba9e91b84acbc423f0c70f7653d1f357d71
shim-x64-15.4-2.el8_1.x86_64.rpm | SHA-256: c5fb6e950b077770f207e29bb31e408739272058892ba8bf0066a9483575d306
Red Hat Enterprise Linux Server - TUS 8.8
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
x86_64
shim-ia32-15.4-2.el8_1.x86_64.rpm | SHA-256: 540fc6f47a51b210369e85517f70aba9e91b84acbc423f0c70f7653d1f357d71
shim-x64-15.4-2.el8_1.x86_64.rpm | SHA-256: c5fb6e950b077770f207e29bb31e408739272058892ba8bf0066a9483575d306
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
x86_64
shim-ia32-15.4-2.el8_1.x86_64.rpm | SHA-256: 540fc6f47a51b210369e85517f70aba9e91b84acbc423f0c70f7653d1f357d71
shim-x64-15.4-2.el8_1.x86_64.rpm | SHA-256: c5fb6e950b077770f207e29bb31e408739272058892ba8bf0066a9483575d306
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
x86_64
shim-ia32-15.4-2.el8_1.x86_64.rpm | SHA-256: 540fc6f47a51b210369e85517f70aba9e91b84acbc423f0c70f7653d1f357d71
shim-x64-15.4-2.el8_1.x86_64.rpm | SHA-256: c5fb6e950b077770f207e29bb31e408739272058892ba8bf0066a9483575d306
Red Hat Enterprise Linux for ARM 64 8
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
aarch64
shim-aa64-15.4-2.el8_1.aarch64.rpm | SHA-256: b97af00f72ced6bb75ac2c5eb1100b4a39fea8867d68e6d633ea89f187689439
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
aarch64
shim-aa64-15.4-2.el8_1.aarch64.rpm | SHA-256: b97af00f72ced6bb75ac2c5eb1100b4a39fea8867d68e6d633ea89f187689439
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
aarch64
shim-aa64-15.4-2.el8_1.aarch64.rpm | SHA-256: b97af00f72ced6bb75ac2c5eb1100b4a39fea8867d68e6d633ea89f187689439
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
aarch64
shim-aa64-15.4-2.el8_1.aarch64.rpm | SHA-256: b97af00f72ced6bb75ac2c5eb1100b4a39fea8867d68e6d633ea89f187689439
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
x86_64
shim-ia32-15.4-2.el8_1.x86_64.rpm | SHA-256: 540fc6f47a51b210369e85517f70aba9e91b84acbc423f0c70f7653d1f357d71
shim-x64-15.4-2.el8_1.x86_64.rpm | SHA-256: c5fb6e950b077770f207e29bb31e408739272058892ba8bf0066a9483575d306
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
x86_64
shim-ia32-15.4-2.el8_1.x86_64.rpm | SHA-256: 540fc6f47a51b210369e85517f70aba9e91b84acbc423f0c70f7653d1f357d71
shim-x64-15.4-2.el8_1.x86_64.rpm | SHA-256: c5fb6e950b077770f207e29bb31e408739272058892ba8bf0066a9483575d306
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4
SRPM
shim-15.4-2.el8_1.src.rpm | SHA-256: 3bfc26de867105a4c11b7ad56cd82b1d649f45b5d6d51ad2b1474acd46c624f0
x86_64
shim-ia32-15.4-2.el8_1.x86_64.rpm | SHA-256: 540fc6f47a51b210369e85517f70aba9e91b84acbc423f0c70f7653d1f357d71
shim-x64-15.4-2.el8_1.x86_64.rpm | SHA-256: c5fb6e950b077770f207e29bb31e408739272058892ba8bf0066a9483575d306
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
shim-unsigned-x64-15.4-4.el8_1.src.rpm | SHA-256: f242ffa36144ce21319270006d494640f8962b80bf8817eb681296432e99e8d7
x86_64
shim-unsigned-x64-15.4-4.el8_1.x86_64.rpm | SHA-256: 9b3ed1bb26663c75308ce54966af6626a8597f224b0dd927c32a7e2655bd218b
Red Hat CodeReady Linux Builder for ARM 64 8
SRPM
shim-unsigned-aarch64-15-7.el8_1.src.rpm | SHA-256: f1ee585a3fcf0b8a44808243839d7a2a9643e3dcb46d12dc0cfd32d7d2f66888
aarch64
shim-unsigned-aarch64-15-7.el8_1.aarch64.rpm | SHA-256: 426b65bdbc5e280671385e544201edddff179aab64a77bfc0c52f4cfe6eb24fd
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8
SRPM
shim-unsigned-x64-15.4-4.el8_1.src.rpm | SHA-256: f242ffa36144ce21319270006d494640f8962b80bf8817eb681296432e99e8d7
x86_64
shim-unsigned-x64-15.4-4.el8_1.x86_64.rpm | SHA-256: 9b3ed1bb26663c75308ce54966af6626a8597f224b0dd927c32a7e2655bd218b
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6
SRPM
shim-unsigned-x64-15.4-4.el8_1.src.rpm | SHA-256: f242ffa36144ce21319270006d494640f8962b80bf8817eb681296432e99e8d7
x86_64
shim-unsigned-x64-15.4-4.el8_1.x86_64.rpm | SHA-256: 9b3ed1bb26663c75308ce54966af6626a8597f224b0dd927c32a7e2655bd218b
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4
SRPM
shim-unsigned-x64-15.4-4.el8_1.src.rpm | SHA-256: f242ffa36144ce21319270006d494640f8962b80bf8817eb681296432e99e8d7
x86_64
shim-unsigned-x64-15.4-4.el8_1.x86_64.rpm | SHA-256: 9b3ed1bb26663c75308ce54966af6626a8597f224b0dd927c32a7e2655bd218b
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8
SRPM
shim-unsigned-aarch64-15-7.el8_1.src.rpm | SHA-256: f1ee585a3fcf0b8a44808243839d7a2a9643e3dcb46d12dc0cfd32d7d2f66888
aarch64
shim-unsigned-aarch64-15-7.el8_1.aarch64.rpm | SHA-256: 426b65bdbc5e280671385e544201edddff179aab64a77bfc0c52f4cfe6eb24fd
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6
SRPM
shim-unsigned-aarch64-15-7.el8_1.src.rpm | SHA-256: f1ee585a3fcf0b8a44808243839d7a2a9643e3dcb46d12dc0cfd32d7d2f66888
aarch64
shim-unsigned-aarch64-15-7.el8_1.aarch64.rpm | SHA-256: 426b65bdbc5e280671385e544201edddff179aab64a77bfc0c52f4cfe6eb24fd
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4
SRPM
shim-unsigned-aarch64-15-7.el8_1.src.rpm | SHA-256: f1ee585a3fcf0b8a44808243839d7a2a9643e3dcb46d12dc0cfd32d7d2f66888
aarch64
shim-unsigned-aarch64-15-7.el8_1.aarch64.rpm | SHA-256: 426b65bdbc5e280671385e544201edddff179aab64a77bfc0c52f4cfe6eb24fd