Vulnerability CVE-2023-40548: Information

Description

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.

Severity: HIGH (7.4) Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-40548
Published: Jan. 29, 2024
Modified: May 8, 2024
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
shimsisyphus15.8-alt115.8-alt2ALT-PU-2024-1671-2339548Fixed
shimp1015.8-alt115.8-alt1ALT-PU-2024-1877-3339915Fixed
shimc10f115.8-alt115.8-alt1ALT-PU-2024-4050-2342790Fixed
shimc9f215.8-alt115.8-alt1ALT-PU-2024-1869-3339892Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/security/cve/CVE-2023-40548
  • Vendor Advisory
RHBZ#2241782
  • Issue Tracking
  • Vendor Advisory
RHSA-2024:1834
    RHSA-2024:1835
      RHSA-2024:1873
        RHSA-2024:1876
          RHSA-2024:1883
            RHSA-2024:1902
              RHSA-2024:1903
                RHSA-2024:1959
                  RHSA-2024:2086

                      1. Configuration 1

                        cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*
                        End excliding
                        15.8
                        cpe:2.3:a:redhat:shim:15.8:rc1:*:*:*:*:*:*

                        Configuration 2

                        cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
                    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                    Version: v24.5.1
                    Back to top