PT-2014-1837 · Red Hat+2 · Shim+6
Published: 2014-10-22 · Updated: 2024-06-15
CVE-2014-3677
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
shim version 0.7
shim-debuginfo version 0.7
shim-signed version 0.7
shim-unsigned version 0.7
mokutil version 0.7
Description
The issue affects the confidentiality, integrity, and availability of protected information in Red Hat Enterprise Linux. It can be exploited remotely, potentially leading to the execution of arbitrary code via a crafted MOK list, which triggers memory corruption.
Recommendations
For shim version 0.7, consider disabling the vulnerable component until a patch is available.
For shim-debuginfo version 0.7, restrict access to the vulnerable module to minimize the risk of exploitation.
For shim-signed version 0.7, avoid using the crafted MOK list in the affected API endpoint until the issue is resolved.
For shim-unsigned version 0.7, restrict access to the vulnerable module to minimize the risk of exploitation.
For mokutil version 0.7, consider disabling the vulnerable component until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Out-of-bounds Read
Related Identifiers
Affected Products
Alt Linux
Red Hat
Suse
Mokutil
Shim
Shim-Debuginfo
Shim-Signed