CVE-2023-40548 — Out-of-bounds Write in Redhat Shim

CWE-787 — Out-of-bounds Write CWE-190 — Integer Overflow or Wraparound CWE-122 — Heap-based Buffer Overflow7 documents7 sources

Severity

7.4HIGHNVD

EPSS

0.0%

top 90.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Shim Fedoraproject Fedora

Timeline

PublishedJan 29

Description

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.4 | Impact: 5.9

Affected Packages2 packages

▶NVDredhat/shim< 15.8+1

▶Debianredhat/shim< 15.8-1~deb11u1+3

Also affects: Fedora 39

🔴Vulnerability Details

OSV

CVE-2023-40548: A buffer overflow was found in Shim in the 32-bit system↗2024-01-29

▶

CVEList

Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems↗2024-01-29

▶

GHSA

GHSA-7cf2-63mg-hv4j: A buffer overflow was found in Shim in the 32-bit system↗2024-01-29

▶

📋Vendor Advisories

Microsoft

Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems↗2024-01-09

▶

Red Hat

shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems↗2023-10-03

▶

Debian

CVE-2023-40548: shim - A buffer overflow was found in Shim in the 32-bit system. The overflow happens d...↗2023

▶