Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Vulnerability from csaf_suse
Published
2024-04-29 11:19
Modified
2024-04-29 11:19
Summary
Security update for shim
Notes
Title of the patch
Security update for shim
Description of the patch
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe after
discussed with grub2 experts in mail. It's useful for further development
and testing. (bsc#1205588)
Patchnames
SUSE-2024-1461,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1461,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1461,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1461
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for shim", title: "Title of the patch", }, { category: "description", text: "This update for shim fixes the following issues:\n\n- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)\n- Limit the requirement of fde-tpm-helper-macros to the distro with\n suse_version 1600 and above (bsc#1219460)\n\nUpdate to version 15.8:\n\nSecurity issues fixed:\n\n- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)\n- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)\n- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)\n- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)\n- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)\n- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)\n\n \nThe NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.\n\n- Generate dbx during build so we don't include binary files in sources\n- Don't require grub so shim can still be used with systemd-boot\n- Update shim-install to fix boot failure of ext4 root file system\n on RAID10 (bsc#1205855)\n- Adopt the macros from fde-tpm-helper-macros to update the\n signature in the sealed key after a bootloader upgrade\n\n- Update shim-install to amend full disk encryption support\n - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector\n - Use the long name to specify the grub2 key protector\n - cryptodisk: support TPM authorized policies\n - Do not use tpm_record_pcrs unless the command is in command.lst\n\n- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to\n enable the NX compatibility flag when using post-process-pe after\n discussed with grub2 experts in mail. It's useful for further development\n and testing. (bsc#1205588)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-1461,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1461,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1461,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1461", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1461-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:1461-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20241461-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:1461-1", url: "https://lists.suse.com/pipermail/sle-updates/2024-April/035121.html", }, { category: "self", summary: "SUSE Bug 1198101", url: "https://bugzilla.suse.com/1198101", }, { category: "self", summary: "SUSE Bug 1205588", url: "https://bugzilla.suse.com/1205588", }, { category: "self", summary: "SUSE Bug 1205855", url: "https://bugzilla.suse.com/1205855", }, { category: "self", summary: "SUSE Bug 1210382", url: "https://bugzilla.suse.com/1210382", }, { category: "self", summary: "SUSE Bug 1213945", url: "https://bugzilla.suse.com/1213945", }, { category: "self", summary: "SUSE Bug 1215098", url: "https://bugzilla.suse.com/1215098", }, { category: "self", summary: "SUSE Bug 1215099", url: "https://bugzilla.suse.com/1215099", }, { category: "self", summary: "SUSE Bug 1215100", url: "https://bugzilla.suse.com/1215100", }, { category: "self", summary: "SUSE Bug 1215101", url: "https://bugzilla.suse.com/1215101", }, { category: "self", summary: "SUSE Bug 1215102", url: "https://bugzilla.suse.com/1215102", }, { category: "self", summary: "SUSE Bug 1215103", url: "https://bugzilla.suse.com/1215103", }, { category: "self", summary: "SUSE Bug 1219460", url: "https://bugzilla.suse.com/1219460", }, { category: "self", summary: "SUSE CVE CVE-2022-28737 page", url: "https://www.suse.com/security/cve/CVE-2022-28737/", }, { category: "self", summary: "SUSE CVE CVE-2023-40546 page", url: "https://www.suse.com/security/cve/CVE-2023-40546/", }, { category: "self", summary: "SUSE CVE CVE-2023-40547 page", url: "https://www.suse.com/security/cve/CVE-2023-40547/", }, { category: "self", summary: "SUSE CVE CVE-2023-40548 page", url: "https://www.suse.com/security/cve/CVE-2023-40548/", }, { category: "self", summary: "SUSE CVE CVE-2023-40549 page", url: "https://www.suse.com/security/cve/CVE-2023-40549/", }, { category: "self", summary: "SUSE CVE CVE-2023-40550 page", url: "https://www.suse.com/security/cve/CVE-2023-40550/", }, { category: "self", summary: "SUSE CVE CVE-2023-40551 page", url: "https://www.suse.com/security/cve/CVE-2023-40551/", }, ], title: "Security update for shim", tracking: { current_release_date: "2024-04-29T11:19:11Z", generator: { date: "2024-04-29T11:19:11Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:1461-1", initial_release_date: "2024-04-29T11:19:11Z", revision_history: [ { date: "2024-04-29T11:19:11Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "shim-15.8-150100.3.38.1.x86_64", product: { name: "shim-15.8-150100.3.38.1.x86_64", product_id: "shim-15.8-150100.3.38.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "shim-15.8-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", }, product_reference: "shim-15.8-150100.3.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", }, product_reference: "shim-15.8-150100.3.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "shim-15.8-150100.3.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", }, product_reference: "shim-15.8-150100.3.38.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, ], }, vulnerabilities: [ { cve: "CVE-2022-28737", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28737", }, ], notes: [ { category: "general", text: "There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28737", url: "https://www.suse.com/security/cve/CVE-2022-28737", }, { category: "external", summary: "SUSE Bug 1198458 for CVE-2022-28737", url: "https://bugzilla.suse.com/1198458", }, { category: "external", summary: "SUSE Bug 1205065 for CVE-2022-28737", url: "https://bugzilla.suse.com/1205065", }, { category: "external", summary: "SUSE Bug 1205066 for CVE-2022-28737", url: "https://bugzilla.suse.com/1205066", }, { category: "external", summary: "SUSE Bug 1205831 for CVE-2022-28737", url: "https://bugzilla.suse.com/1205831", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-29T11:19:11Z", details: "important", }, ], title: "CVE-2022-28737", }, { cve: "CVE-2023-40546", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40546", }, ], notes: [ { category: "general", text: "A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40546", url: "https://www.suse.com/security/cve/CVE-2023-40546", }, { category: "external", summary: "SUSE Bug 1215099 for CVE-2023-40546", url: "https://bugzilla.suse.com/1215099", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-29T11:19:11Z", details: "moderate", }, ], title: "CVE-2023-40546", }, { cve: "CVE-2023-40547", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40547", }, ], notes: [ { category: "general", text: "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40547", url: "https://www.suse.com/security/cve/CVE-2023-40547", }, { category: "external", summary: "SUSE Bug 1215098 for CVE-2023-40547", url: "https://bugzilla.suse.com/1215098", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-29T11:19:11Z", details: "important", }, ], title: "CVE-2023-40547", }, { cve: "CVE-2023-40548", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40548", }, ], notes: [ { category: "general", text: "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40548", url: "https://www.suse.com/security/cve/CVE-2023-40548", }, { category: "external", summary: "SUSE Bug 1215100 for CVE-2023-40548", url: "https://bugzilla.suse.com/1215100", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-29T11:19:11Z", details: "moderate", }, ], title: "CVE-2023-40548", }, { cve: "CVE-2023-40549", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40549", }, ], notes: [ { category: "general", text: "An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40549", url: "https://www.suse.com/security/cve/CVE-2023-40549", }, { category: "external", summary: "SUSE Bug 1215101 for CVE-2023-40549", url: "https://bugzilla.suse.com/1215101", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-29T11:19:11Z", details: "moderate", }, ], title: "CVE-2023-40549", }, { cve: "CVE-2023-40550", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40550", }, ], notes: [ { category: "general", text: "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40550", url: "https://www.suse.com/security/cve/CVE-2023-40550", }, { category: "external", summary: "SUSE Bug 1215102 for CVE-2023-40550", url: "https://bugzilla.suse.com/1215102", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-29T11:19:11Z", details: "moderate", }, ], title: "CVE-2023-40550", }, { cve: "CVE-2023-40551", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40551", }, ], notes: [ { category: "general", text: "A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40551", url: "https://www.suse.com/security/cve/CVE-2023-40551", }, { category: "external", summary: "SUSE Bug 1215103 for CVE-2023-40551", url: "https://bugzilla.suse.com/1215103", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:shim-15.8-150100.3.38.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:shim-15.8-150100.3.38.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-29T11:19:11Z", details: "moderate", }, ], title: "CVE-2023-40551", }, ], }
cve-2023-40549
Vulnerability from cvelistv5
Published
2024-01-29 16:29
Modified
2024-11-24 14:19
Severity ?
EPSS score ?
Summary
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:1834 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1835 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1873 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1876 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1883 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1902 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1903 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1959 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2086 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-40549 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2241797 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 7 |
Unaffected: 0:15.8-3.el7 < * cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::client |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.333Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:1834", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "RHSA-2024:1835", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "RHSA-2024:1873", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "RHSA-2024:1876", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "RHSA-2024:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "RHSA-2024:1902", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "RHSA-2024:1903", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "RHSA-2024:1959", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "RHSA-2024:2086", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2086", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-40549", }, { name: "RHBZ#2241797", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241797", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-40549", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-11T19:17:30.752609Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-12T17:53:09.919Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", ], defaultStatus: "affected", packageName: "shim-signed", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.6::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "shim-unsigned-x64", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "shim-unsigned-aarch64", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "shim-unsigned-x64", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9_2", versionType: "rpm", }, ], }, ], datePublic: "2024-01-23T00:00:00+00:00", descriptions: [ { lang: "en", value: "An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-24T14:19:11.402Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:1834", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "RHSA-2024:1835", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "RHSA-2024:1873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "RHSA-2024:1876", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "RHSA-2024:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "RHSA-2024:1902", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "RHSA-2024:1903", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "RHSA-2024:1959", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "RHSA-2024:2086", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2086", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-40549", }, { name: "RHBZ#2241797", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241797", }, ], timeline: [ { lang: "en", time: "2023-10-02T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-01-23T00:00:00+00:00", value: "Made public.", }, ], title: "Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file", workarounds: [ { lang: "en", value: "There's no available mitigation for this issue.", }, ], x_redhatCweChain: "CWE-125: Out-of-bounds Read", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-40549", datePublished: "2024-01-29T16:29:26.170Z", dateReserved: "2023-08-15T20:04:15.615Z", dateUpdated: "2024-11-24T14:19:11.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40551
Vulnerability from cvelistv5
Published
2024-01-29 16:46
Modified
2024-11-24 14:19
Severity ?
EPSS score ?
Summary
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:1834 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1835 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1873 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1876 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1883 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1902 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1903 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1959 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2086 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-40551 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2259918 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 7 |
Unaffected: 0:15.8-3.el7 < * cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::client cpe:/o:redhat:enterprise_linux:7::server |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-40551", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-25T16:31:11.138934Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:19:12.747Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.616Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:1834", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "RHSA-2024:1835", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "RHSA-2024:1873", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "RHSA-2024:1876", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "RHSA-2024:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "RHSA-2024:1902", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "RHSA-2024:1903", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "RHSA-2024:1959", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "RHSA-2024:2086", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2086", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-40551", }, { name: "RHBZ#2259918", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2259918", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server", ], defaultStatus: "affected", packageName: "shim-signed", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.6::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb", ], defaultStatus: "affected", packageName: "shim-unsigned-x64", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "shim-unsigned-aarch64", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "shim-unsigned-x64", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9_2", versionType: "rpm", }, ], }, ], datePublic: "2024-01-23T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-24T14:19:30.770Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:1834", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "RHSA-2024:1835", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "RHSA-2024:1873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "RHSA-2024:1876", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "RHSA-2024:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "RHSA-2024:1902", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "RHSA-2024:1903", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "RHSA-2024:1959", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "RHSA-2024:2086", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2086", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-40551", }, { name: "RHBZ#2259918", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2259918", }, ], timeline: [ { lang: "en", time: "2023-07-26T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-01-23T00:00:00+00:00", value: "Made public.", }, ], title: "Shim: out of bounds read when parsing mz binaries", x_redhatCweChain: "CWE-125: Out-of-bounds Read", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-40551", datePublished: "2024-01-29T16:46:43.579Z", dateReserved: "2023-08-15T20:04:15.616Z", dateUpdated: "2024-11-24T14:19:30.770Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28737
Vulnerability from cvelistv5
Published
2023-07-20 00:26
Modified
2024-10-22 13:17
Severity ?
EPSS score ?
Summary
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2022/06/07/5 | mailing-list | |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737 | issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat Bootloader Team | shim |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:03:52.700Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "mailing-list", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/06/07/5", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "shim", vendor: "redhat", versions: [ { lessThan: "15.6", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-28737", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-22T13:15:51.434701Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-22T13:17:50.789Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { packageName: "shim", platforms: [ "Linux", ], product: "shim", repo: "https://github.com/rhboot/shim/", vendor: "Red Hat Bootloader Team", versions: [ { lessThan: "15.6", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Chris Coulson", }, ], datePublic: "2022-06-13T00:00:00.000Z", descriptions: [ { lang: "en", value: "There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], providerMetadata: { dateUpdated: "2023-07-20T15:38:14.142Z", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { tags: [ "mailing-list", ], url: "https://www.openwall.com/lists/oss-security/2022/06/07/5", }, { tags: [ "issue-tracking", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737", }, ], title: "There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables", }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2022-28737", datePublished: "2023-07-20T00:26:15.627Z", dateReserved: "2022-04-05T21:59:08.761Z", dateUpdated: "2024-10-22T13:17:50.789Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40550
Vulnerability from cvelistv5
Published
2024-01-29 16:29
Modified
2024-11-24 14:19
Severity ?
EPSS score ?
Summary
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:1834 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1835 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1873 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1876 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1883 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1902 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1903 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1959 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2086 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-40550 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2259915 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 7 |
Unaffected: 0:15.8-3.el7 < * cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::client |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.592Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:1834", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "RHSA-2024:1835", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "RHSA-2024:1873", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "RHSA-2024:1876", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "RHSA-2024:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "RHSA-2024:1902", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "RHSA-2024:1903", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "RHSA-2024:1959", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "RHSA-2024:2086", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2086", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-40550", }, { name: "RHBZ#2259915", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2259915", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", ], defaultStatus: "affected", packageName: "shim-signed", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.6::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "shim-unsigned-x64", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "shim-unsigned-aarch64", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "shim-unsigned-x64", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9_2", versionType: "rpm", }, ], }, ], datePublic: "2024-01-23T00:00:00+00:00", descriptions: [ { lang: "en", value: "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-24T14:19:14.562Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:1834", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "RHSA-2024:1835", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "RHSA-2024:1873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "RHSA-2024:1876", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "RHSA-2024:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "RHSA-2024:1902", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "RHSA-2024:1903", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "RHSA-2024:1959", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "RHSA-2024:2086", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2086", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-40550", }, { name: "RHBZ#2259915", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2259915", }, ], timeline: [ { lang: "en", time: "2024-01-23T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-01-23T00:00:00+00:00", value: "Made public.", }, ], title: "Shim: out-of-bound read in verify_buffer_sbat()", x_redhatCweChain: "CWE-125: Out-of-bounds Read", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-40550", datePublished: "2024-01-29T16:29:23.050Z", dateReserved: "2023-08-15T20:04:15.615Z", dateUpdated: "2024-11-24T14:19:14.562Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40546
Vulnerability from cvelistv5
Published
2024-01-29 16:29
Modified
2024-11-24 14:18
Severity ?
EPSS score ?
Summary
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:1834 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1835 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1873 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1876 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1883 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1902 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1903 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1959 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2086 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-40546 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2241796 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 7 |
Unaffected: 0:15.8-3.el7 < * cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::client |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.549Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:1834", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "RHSA-2024:1835", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "RHSA-2024:1873", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "RHSA-2024:1876", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "RHSA-2024:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "RHSA-2024:1902", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "RHSA-2024:1903", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "RHSA-2024:1959", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "RHSA-2024:2086", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2086", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-40546", }, { name: "RHBZ#2241796", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241796", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", ], defaultStatus: "affected", packageName: "shim-signed", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.6::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "shim-unsigned-x64", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "shim-unsigned-aarch64", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "shim-unsigned-x64", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9_2", versionType: "rpm", }, ], }, ], datePublic: "2024-01-23T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-24T14:18:46.173Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:1834", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "RHSA-2024:1835", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "RHSA-2024:1873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "RHSA-2024:1876", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "RHSA-2024:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "RHSA-2024:1902", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "RHSA-2024:1903", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "RHSA-2024:1959", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "RHSA-2024:2086", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2086", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-40546", }, { name: "RHBZ#2241796", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241796", }, ], timeline: [ { lang: "en", time: "2023-10-02T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-01-23T00:00:00+00:00", value: "Made public.", }, ], title: "Shim: out-of-bounds read printing error messages", workarounds: [ { lang: "en", value: "There's no available mitigation for this issue.", }, ], x_redhatCweChain: "CWE-476: NULL Pointer Dereference", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-40546", datePublished: "2024-01-29T16:29:26.258Z", dateReserved: "2023-08-15T20:04:15.615Z", dateUpdated: "2024-11-24T14:18:46.173Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40548
Vulnerability from cvelistv5
Published
2024-01-29 14:53
Modified
2024-11-24 14:19
Severity ?
EPSS score ?
Summary
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:1834 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1835 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1873 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1876 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1883 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1902 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1903 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1959 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2086 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-40548 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2241782 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 7 |
Unaffected: 0:15.8-3.el7 < * cpe:/o:redhat:enterprise_linux:7::client cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::workstation |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.361Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:1834", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "RHSA-2024:1835", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "RHSA-2024:1873", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "RHSA-2024:1876", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "RHSA-2024:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "RHSA-2024:1902", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "RHSA-2024:1903", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "RHSA-2024:1959", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "RHSA-2024:2086", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2086", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-40548", }, { name: "RHBZ#2241782", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241782", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", ], defaultStatus: "affected", packageName: "shim-signed", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.6::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "shim-unsigned-x64", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", ], defaultStatus: "affected", packageName: "shim-unsigned-aarch64", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", ], defaultStatus: "affected", packageName: "shim-unsigned-x64", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9_2", versionType: "rpm", }, ], }, ], datePublic: "2023-10-03T00:00:00+00:00", descriptions: [ { lang: "en", value: "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-24T14:19:01.409Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:1834", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "RHSA-2024:1835", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "RHSA-2024:1873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "RHSA-2024:1876", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "RHSA-2024:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "RHSA-2024:1902", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "RHSA-2024:1903", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "RHSA-2024:1959", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "RHSA-2024:2086", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2086", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-40548", }, { name: "RHBZ#2241782", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2241782", }, ], timeline: [ { lang: "en", time: "2023-10-02T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-10-03T00:00:00+00:00", value: "Made public.", }, ], title: "Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems", workarounds: [ { lang: "en", value: "There's no available mitigation for this issue.", }, ], x_redhatCweChain: "(CWE-190|CWE-787): Integer Overflow or Wraparound or Out-of-bounds Write", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-40548", datePublished: "2024-01-29T14:53:44.319Z", dateReserved: "2023-08-15T20:04:15.615Z", dateUpdated: "2024-11-24T14:19:01.409Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40547
Vulnerability from cvelistv5
Published
2024-01-25 15:54
Modified
2024-11-24 14:19
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:1834 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1835 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1873 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1876 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1883 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1902 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1903 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1959 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2086 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-40547 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2234589 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 7 |
Unaffected: 0:15.8-3.el7 < * cpe:/o:redhat:enterprise_linux:7::client cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::workstation |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.942Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/01/26/1", }, { name: "RHSA-2024:1834", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "RHSA-2024:1835", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "RHSA-2024:1873", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "RHSA-2024:1876", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "RHSA-2024:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "RHSA-2024:1902", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "RHSA-2024:1903", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "RHSA-2024:1959", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "RHSA-2024:2086", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2086", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-40547", }, { name: "RHBZ#2234589", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2234589", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", ], defaultStatus: "affected", packageName: "shim-signed", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-1.el7", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el8_9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:8.6::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8_6", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos", ], defaultStatus: "affected", packageName: "shim-unsigned-x64", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-4.el9_3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", ], defaultStatus: "affected", packageName: "shim-unsigned-aarch64", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", ], defaultStatus: "affected", packageName: "shim-unsigned-x64", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-2.el9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_eus:9.2::baseos", ], defaultStatus: "affected", packageName: "shim", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:15.8-3.el9_2", versionType: "rpm", }, ], }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Bill Demirkapi (Microsoft Security Response Center) for reporting this issue.", }, ], datePublic: "2024-01-23T00:00:00+00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-24T14:19:00.724Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:1834", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1834", }, { name: "RHSA-2024:1835", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1835", }, { name: "RHSA-2024:1873", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1873", }, { name: "RHSA-2024:1876", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1876", }, { name: "RHSA-2024:1883", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1883", }, { name: "RHSA-2024:1902", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1902", }, { name: "RHSA-2024:1903", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1903", }, { name: "RHSA-2024:1959", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1959", }, { name: "RHSA-2024:2086", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2086", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-40547", }, { name: "RHBZ#2234589", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2234589", }, ], timeline: [ { lang: "en", time: "2023-05-05T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-01-23T00:00:00+00:00", value: "Made public.", }, ], title: "Shim: rce in http boot support may lead to secure boot bypass", workarounds: [ { lang: "en", value: "If a system isn’t required to boot from the network, configure the server’s boot order to disable entirely or skip the network boot.", }, ], x_redhatCweChain: "CWE-346->CWE-787: Origin Validation Error leads to Out-of-bounds Write", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-40547", datePublished: "2024-01-25T15:54:23.102Z", dateReserved: "2023-08-15T20:04:15.615Z", dateUpdated: "2024-11-24T14:19:00.724Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.