Vulnerability from csaf_suse
Published
2024-04-22 09:06
Modified
2024-04-22 09:06
Summary
Security update for shim
Notes
Title of the patch
Security update for shim
Description of the patch
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe after
discussed with grub2 experts in mail. It's useful for further development
and testing. (bsc#1205588)
Patchnames
SUSE-2024-1368,SUSE-SLE-Micro-5.3-2024-1368,SUSE-SLE-Micro-5.4-2024-1368,SUSE-SLE-Micro-5.5-2024-1368,SUSE-SLE-Module-Basesystem-15-SP5-2024-1368,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1368,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1368,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1368,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1368,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1368,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1368,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1368,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1368,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1368,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1368,SUSE-SUSE-MicroOS-5.1-2024-1368,SUSE-SUSE-MicroOS-5.2-2024-1368,SUSE-Storage-7.1-2024-1368,openSUSE-Leap-Micro-5.3-2024-1368,openSUSE-Leap-Micro-5.4-2024-1368,openSUSE-SLE-15.5-2024-1368
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for shim", title: "Title of the patch", }, { category: "description", text: "This update for shim fixes the following issues:\n\n- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)\n- Limit the requirement of fde-tpm-helper-macros to the distro with\n suse_version 1600 and above (bsc#1219460)\n\nUpdate to version 15.8:\n\nSecurity issues fixed:\n\n- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)\n- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)\n- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)\n- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)\n- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)\n- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)\n\n \nThe NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.\n\n- Generate dbx during build so we don't include binary files in sources\n- Don't require grub so shim can still be used with systemd-boot\n- Update shim-install to fix boot failure of ext4 root file system\n on RAID10 (bsc#1205855)\n- Adopt the macros from fde-tpm-helper-macros to update the\n signature in the sealed key after a bootloader upgrade\n\n- Update shim-install to amend full disk encryption support\n - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector\n - Use the long name to specify the grub2 key protector\n - cryptodisk: support TPM authorized policies\n - Do not use tpm_record_pcrs unless the command is in command.lst\n\n- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to\n enable the NX compatibility flag when using post-process-pe after\n discussed with grub2 experts in mail. It's useful for further development\n and testing. (bsc#1205588)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-1368,SUSE-SLE-Micro-5.3-2024-1368,SUSE-SLE-Micro-5.4-2024-1368,SUSE-SLE-Micro-5.5-2024-1368,SUSE-SLE-Module-Basesystem-15-SP5-2024-1368,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1368,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1368,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1368,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1368,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1368,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1368,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1368,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1368,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1368,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1368,SUSE-SUSE-MicroOS-5.1-2024-1368,SUSE-SUSE-MicroOS-5.2-2024-1368,SUSE-Storage-7.1-2024-1368,openSUSE-Leap-Micro-5.3-2024-1368,openSUSE-Leap-Micro-5.4-2024-1368,openSUSE-SLE-15.5-2024-1368", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1368-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:1368-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20241368-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:1368-1", url: "https://lists.suse.com/pipermail/sle-updates/2024-April/035046.html", }, { category: "self", summary: "SUSE Bug 1198101", url: "https://bugzilla.suse.com/1198101", }, { category: "self", summary: "SUSE Bug 1205588", url: "https://bugzilla.suse.com/1205588", }, { category: "self", summary: "SUSE Bug 1205855", url: "https://bugzilla.suse.com/1205855", }, { category: "self", summary: "SUSE Bug 1210382", url: "https://bugzilla.suse.com/1210382", }, { category: "self", summary: "SUSE Bug 1213945", url: "https://bugzilla.suse.com/1213945", }, { category: "self", summary: "SUSE Bug 1215098", url: "https://bugzilla.suse.com/1215098", }, { category: "self", summary: "SUSE Bug 1215099", url: "https://bugzilla.suse.com/1215099", }, { category: "self", summary: "SUSE Bug 1215100", url: "https://bugzilla.suse.com/1215100", }, { category: "self", summary: "SUSE Bug 1215101", url: "https://bugzilla.suse.com/1215101", }, { category: "self", summary: "SUSE Bug 1215102", url: "https://bugzilla.suse.com/1215102", }, { category: "self", summary: "SUSE Bug 1215103", url: "https://bugzilla.suse.com/1215103", }, { category: "self", summary: "SUSE Bug 1219460", url: "https://bugzilla.suse.com/1219460", }, { category: "self", summary: "SUSE CVE CVE-2022-28737 page", url: "https://www.suse.com/security/cve/CVE-2022-28737/", }, { category: "self", summary: "SUSE CVE CVE-2023-40546 page", url: "https://www.suse.com/security/cve/CVE-2023-40546/", }, { category: "self", summary: "SUSE CVE CVE-2023-40547 page", url: "https://www.suse.com/security/cve/CVE-2023-40547/", }, { category: "self", summary: "SUSE CVE CVE-2023-40548 page", url: "https://www.suse.com/security/cve/CVE-2023-40548/", }, { category: "self", summary: "SUSE CVE CVE-2023-40549 page", url: "https://www.suse.com/security/cve/CVE-2023-40549/", }, { category: "self", summary: "SUSE CVE CVE-2023-40550 page", url: "https://www.suse.com/security/cve/CVE-2023-40550/", }, { category: "self", summary: "SUSE CVE CVE-2023-40551 page", url: "https://www.suse.com/security/cve/CVE-2023-40551/", }, ], title: "Security update for shim", tracking: { current_release_date: "2024-04-22T09:06:33Z", generator: { date: "2024-04-22T09:06:33Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:1368-1", initial_release_date: "2024-04-22T09:06:33Z", revision_history: [ { date: "2024-04-22T09:06:33Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "efitools-1.9.2-150300.7.3.1.aarch64", product: { name: "efitools-1.9.2-150300.7.3.1.aarch64", product_id: "efitools-1.9.2-150300.7.3.1.aarch64", }, }, { category: "product_version", name: "shim-15.8-150300.4.20.2.aarch64", product: { name: "shim-15.8-150300.4.20.2.aarch64", product_id: "shim-15.8-150300.4.20.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "efitools-1.9.2-150300.7.3.1.i586", product: { name: "efitools-1.9.2-150300.7.3.1.i586", product_id: "efitools-1.9.2-150300.7.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "efitools-1.9.2-150300.7.3.1.x86_64", product: { name: "efitools-1.9.2-150300.7.3.1.x86_64", product_id: "efitools-1.9.2-150300.7.3.1.x86_64", }, }, { category: "product_version", name: "shim-15.8-150300.4.20.2.x86_64", product: { name: "shim-15.8-150300.4.20.2.x86_64", product_id: "shim-15.8-150300.4.20.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Micro 5.3", product: { name: "SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3", product_identification_helper: { cpe: "cpe:/o:suse:sle-micro:5.3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.4", product: { name: "SUSE Linux Enterprise Micro 5.4", product_id: "SUSE Linux Enterprise Micro 5.4", product_identification_helper: { cpe: "cpe:/o:suse:sle-micro:5.4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.5", product: { name: "SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5", product_identification_helper: { cpe: "cpe:/o:suse:sle-micro:5.5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP5", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP5", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP4-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp4", }, }, }, { category: "product_name", name: "SUSE Manager Proxy 4.3", product: { name: "SUSE Manager Proxy 4.3", product_id: "SUSE Manager Proxy 4.3", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-proxy:4.3", }, }, }, { category: "product_name", name: "SUSE Manager Server 4.3", product: { name: "SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:4.3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.1", product: { name: "SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.2", product: { name: "SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.2", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7.1", product: { name: "SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1", product_identification_helper: { cpe: "cpe:/o:suse:ses:7.1", }, }, }, { category: "product_name", name: "openSUSE Leap Micro 5.3", product: { name: "openSUSE Leap Micro 5.3", product_id: "openSUSE Leap Micro 5.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap-micro:5.3", }, }, }, { category: "product_name", name: "openSUSE Leap Micro 5.4", product: { name: "openSUSE Leap Micro 5.4", product_id: "openSUSE Leap Micro 5.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap-micro:5.4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Micro 5.3", product_id: "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Micro 5.4", product_id: "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.4", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Micro 5.4", product_id: "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.4", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.5", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.5", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Manager Proxy 4.3", product_id: "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Manager Proxy 4.3", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of openSUSE Leap Micro 5.3", product_id: "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "openSUSE Leap Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of openSUSE Leap Micro 5.3", product_id: "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "openSUSE Leap Micro 5.3", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of openSUSE Leap Micro 5.4", product_id: "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "openSUSE Leap Micro 5.4", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of openSUSE Leap Micro 5.4", product_id: "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "openSUSE Leap Micro 5.4", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", }, product_reference: "shim-15.8-150300.4.20.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150300.4.20.2.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", }, product_reference: "shim-15.8-150300.4.20.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2022-28737", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28737", }, ], notes: [ { category: "general", text: "There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28737", url: "https://www.suse.com/security/cve/CVE-2022-28737", }, { category: "external", summary: "SUSE Bug 1198458 for CVE-2022-28737", url: "https://bugzilla.suse.com/1198458", }, { category: "external", summary: "SUSE Bug 1205065 for CVE-2022-28737", url: "https://bugzilla.suse.com/1205065", }, { category: "external", summary: "SUSE Bug 1205066 for CVE-2022-28737", url: "https://bugzilla.suse.com/1205066", }, { category: "external", summary: "SUSE Bug 1205831 for CVE-2022-28737", url: "https://bugzilla.suse.com/1205831", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-22T09:06:33Z", details: "important", }, ], title: "CVE-2022-28737", }, { cve: "CVE-2023-40546", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40546", }, ], notes: [ { category: "general", text: "A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40546", url: "https://www.suse.com/security/cve/CVE-2023-40546", }, { category: "external", summary: "SUSE Bug 1215099 for CVE-2023-40546", url: "https://bugzilla.suse.com/1215099", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-22T09:06:33Z", details: "moderate", }, ], title: "CVE-2023-40546", }, { cve: "CVE-2023-40547", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40547", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40547", url: "https://www.suse.com/security/cve/CVE-2023-40547", }, { category: "external", summary: "SUSE Bug 1215098 for CVE-2023-40547", url: "https://bugzilla.suse.com/1215098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-22T09:06:33Z", details: "important", }, ], title: "CVE-2023-40547", }, { cve: "CVE-2023-40548", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40548", }, ], notes: [ { category: "general", text: "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40548", url: "https://www.suse.com/security/cve/CVE-2023-40548", }, { category: "external", summary: "SUSE Bug 1215100 for CVE-2023-40548", url: "https://bugzilla.suse.com/1215100", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-22T09:06:33Z", details: "moderate", }, ], title: "CVE-2023-40548", }, { cve: "CVE-2023-40549", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40549", }, ], notes: [ { category: "general", text: "An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40549", url: "https://www.suse.com/security/cve/CVE-2023-40549", }, { category: "external", summary: "SUSE Bug 1215101 for CVE-2023-40549", url: "https://bugzilla.suse.com/1215101", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-22T09:06:33Z", details: "moderate", }, ], title: "CVE-2023-40549", }, { cve: "CVE-2023-40550", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40550", }, ], notes: [ { category: "general", text: "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40550", url: "https://www.suse.com/security/cve/CVE-2023-40550", }, { category: "external", summary: "SUSE Bug 1215102 for CVE-2023-40550", url: "https://bugzilla.suse.com/1215102", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-22T09:06:33Z", details: "moderate", }, ], title: "CVE-2023-40550", }, { cve: "CVE-2023-40551", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40551", }, ], notes: [ { category: "general", text: "A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40551", url: "https://www.suse.com/security/cve/CVE-2023-40551", }, { category: "external", summary: "SUSE Bug 1215103 for CVE-2023-40551", url: "https://bugzilla.suse.com/1215103", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64", "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64", "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-22T09:06:33Z", details: "moderate", }, ], title: "CVE-2023-40551", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.