A flaw was found in edk2. Function GetEfiGlobalVariable2() return value is not checked possibly leading to secure boot bypass if an attacker can cause the API to fail. References: https://bugzilla.tianocore.org/show_bug.cgi?id=2167
Created edk2 tracking bugs for this issue: Affects: epel-all [bug 1858039] Affects: fedora-all [bug 1858040]
Proposed patch: https://bugzilla.tianocore.org/attachment.cgi?id=405&action=diff
In function DxeImageVerificationHandler() there is a call to GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, ...) but the return value is not checked. If an attacker is able to cause the API to fail it would allow him to bypass secure boot.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6330 https://access.redhat.com/errata/RHSA-2023:6330
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6919 https://access.redhat.com/errata/RHSA-2023:6919
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0408 https://access.redhat.com/errata/RHSA-2024:0408
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:1415 https://access.redhat.com/errata/RHSA-2024:1415