A flaw was found in the way shim processed Machine Owner Keys (MOKs). This could lead to memory corruption in shim, possibly leading to arbitrary code execution. Acknowledgements: Red Hat would like to thank the SUSE Security Team for reporting this issue.
Created attachment 942903: proposed patch
Public now: http://seclists.org/oss-sec/2014/q4/311
Created shim tracking bugs for this issue: Affects: fedora-all [bug 1152388]
shim-0.8-1.fc22, shim-signed-0.8-1.fc22, mokutil-0.2.0-1.fc21 have been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Issue description: An out-of-bounds memory write flaw was found in the way shim processed certain Machine Owner Keys (MOKs). A local attacker could potentially use this flaw to execute arbitrary code on the system.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7, via RHSA-2014:1801 https://rhn.redhat.com/errata/RHSA-2014-1801.html
mokutil-0.2.0-1.fc19, shim-signed-0.8-2 have been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
mokutil-0.2.0-1.fc20, shim-signed-0.8-3 have been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.