Does openssl CVE affect shim?

Question

15058718379 opened this issue a year ago · comments

We found that the openssl code involves these CVEs. Does this affect the functionality of the shim?
CVE-2023-0464
CVE-2023-0465
CVE-2023-0466

Peter Jones · Answer 1 · Tue Aug 22 2023 01:21:17 GMT+0800 (China Standard Time)

CVE-2023-0464 - if you can DoS shim with a malicious certificate in the signing chain, then you can DoS the system by removing the bootloader or any number of other ways.
CVE-2023-0465 - we don't enable policy processing
CVE-2023-0466 - we don't enable policy processing