Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
No PoCs from references.
- https://github.com/ARPSyndicate/cvemon
- https://github.com/EuroLinux/shim-review
- https://github.com/Fortinetofficial/shim-review
- https://github.com/Jurij-Ivastsuk/WAXAR-shim-review
- https://github.com/NaverCloudPlatform/shim-review
- https://github.com/Rodrigo-NR/shim-review
- https://github.com/baramundisoftware/ShimReview_2024
- https://github.com/coreyvelan/shim-review
- https://github.com/ctrliq/ciq-shim-build
- https://github.com/ctrliq/shim-review
- https://github.com/denis-jdsouza/wazuh-vulnerability-report-maker
- https://github.com/jsegitz/shim-review-nonfork
- https://github.com/lenovo-lux/shim-review
- https://github.com/neppe/shim-review
- https://github.com/rhboot/shim-review
- https://github.com/seal-community/patches
- https://github.com/vathpela/shim-review
- https://github.com/zeetim/shim-review