ALSA-2021:1734

The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

Security Fix(es):

• grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)

• grub2: Use-after-free in rmmod command (CVE-2020-25632)

• grub2: Out-of-bounds write in grubusbdevice_initialize() (CVE-2020-25647)

• grub2: Stack buffer overflow in grubparsersplit_cmdline() (CVE-2020-27749)

• grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)

• grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

• grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.