{"id":"RLSA-2021:1734","summary":"Moderate: shim security update","details":"The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nSecurity Fix(es):\n\n* grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n* grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n* grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n* grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n* grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n* grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n* grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.","modified":"2026-03-11T05:55:41.552028Z","published":"2021-05-18T05:57:10Z","upstream":["CVE-2020-14372","CVE-2020-25632","CVE-2020-25647","CVE-2020-27749","CVE-2020-27779","CVE-2021-20225","CVE-2021-20233"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2021:1734"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1873150"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879577"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1886936"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899966"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1900698"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924696"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1926263"}],"affected":[{"package":{"name":"shim-unsigned-aarch64","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/shim-unsigned-aarch64?distro=rocky-linux-8-x86-64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:15-7.el8.1.1"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1734.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}