CVE-2023-40548

Updated: 2024-06-11 04:15:56.428308

Description:

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.4

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 7 ELS shim 15 7.4 HIGH In Rollout CLSA-2024:1721204645 2024-07-17 05:36:03
CentOS 8.4 ELS shim 15-15 7.4 HIGH Released CLSA-2024:1711036007 2024-03-21 14:09:50
CentOS 8.5 ELS shim 15-15 7.4 HIGH Released CLSA-2024:1711036383 2024-03-21 14:09:49
CentOS Stream 8 ELS shim 15 7.4 HIGH In Progress 2024-07-14 17:22:39