
Onionpsy

#43475 of 53,630
6.1 CVSS total
Vulnerabilities · 1
PT-2023-4426
6.1
2023-08-14
Unknown · Efibootguard · CVE-2023-39950
**Name of the Vulnerable Software and Affected Versions**

efibootguard versions prior to v0.15

**Description**

The issue exists due to insufficient validation and sanitization of input from untrustworthy bootloader environment files, which can cause crashes and potentially allow code injection into `bg_setenv` or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, specifically its user variables. Furthermore, `bg_printenv` may crash on invalid read accesses or report invalid results.

**Recommendations**

To resolve the issue, update the efibootguard library and tools to version v0.15 or later. Additionally, update programs that are statically linked against it. As a temporary workaround, consider avoiding accesses to user variables, specifically modifications to them, until the update is applied. Note that an update of the bootloader EFI executable is not required.