CVE-2023-40550 — Out-of-bounds Read in Redhat Shim

CWE-125 — Out-of-bounds Read7 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 93.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Shim Fedoraproject Fedora Redhat Enterprise Linux

Timeline

PublishedJan 29

Description

An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/shim< 15.8

▶Debianredhat/shim< 15.8-1~deb11u1+3

Also affects: Fedora 39, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-grx2-83w4-8647: An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information↗2024-01-29

▶

OSV

CVE-2023-40550: An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information↗2024-01-29

▶

CVEList

Shim: out-of-bound read in verify_buffer_sbat()↗2024-01-29

▶

📋Vendor Advisories

Red Hat

shim: Out-of-bound read in verify_buffer_sbat()↗2024-01-23

▶

Microsoft

Shim: out-of-bound read in verify_buffer_sbat()↗2024-01-09

▶

Debian

CVE-2023-40550: shim - An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT ...↗2023

▶