rhsa-2024:1876
Vulnerability from csaf_redhat
Published
2024-04-18 01:47
Modified
2024-11-24 14:20
Summary
Red Hat Security Advisory: shim bug fix update

Notes

Topic
An update for shim is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547) * shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems (CVE-2023-40548) * shim: Out-of-bounds read printing error messages (CVE-2023-40546) * shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file (CVE-2023-40549) * shim: Out-of-bound read in verify_buffer_sbat() (CVE-2023-40550) * shim: out of bounds read when parsing MZ binaries (CVE-2023-40551) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for shim is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nSecurity Fix(es):\n\n* shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547)\n\n* shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems (CVE-2023-40548)\n\n* shim: Out-of-bounds read printing error messages (CVE-2023-40546)\n\n* shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file (CVE-2023-40549)\n\n* shim: Out-of-bound read in verify_buffer_sbat() (CVE-2023-40550)\n\n* shim: out of bounds read when parsing MZ binaries (CVE-2023-40551)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:1876",
        "url": "https://access.redhat.com/errata/RHSA-2024:1876"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2234589",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589"
      },
      {
        "category": "external",
        "summary": "2241782",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241782"
      },
      {
        "category": "external",
        "summary": "2241796",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241796"
      },
      {
        "category": "external",
        "summary": "2241797",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241797"
      },
      {
        "category": "external",
        "summary": "2259915",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259915"
      },
      {
        "category": "external",
        "summary": "2259918",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259918"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1876.json"
      }
    ],
    "title": "Red Hat Security Advisory: shim bug fix update",
    "tracking": {
      "current_release_date": "2024-11-24T14:20:01+00:00",
      "generator": {
        "date": "2024-11-24T14:20:01+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2024:1876",
      "initial_release_date": "2024-04-18T01:47:33+00:00",
      "revision_history": [
        {
          "date": "2024-04-18T01:47:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-04-18T01:47:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-24T14:20:01+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
                  "product_id": "BaseOS-9.2.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:9.2::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shim-0:15.8-3.el9_2.src",
                "product": {
                  "name": "shim-0:15.8-3.el9_2.src",
                  "product_id": "shim-0:15.8-3.el9_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/shim@15.8-3.el9_2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shim-aa64-0:15.8-3.el9_2.aarch64",
                "product": {
                  "name": "shim-aa64-0:15.8-3.el9_2.aarch64",
                  "product_id": "shim-aa64-0:15.8-3.el9_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/shim-aa64@15.8-3.el9_2?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shim-x64-0:15.8-3.el9_2.x86_64",
                "product": {
                  "name": "shim-x64-0:15.8-3.el9_2.x86_64",
                  "product_id": "shim-x64-0:15.8-3.el9_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/shim-x64@15.8-3.el9_2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shim-0:15.8-3.el9_2.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
          "product_id": "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src"
        },
        "product_reference": "shim-0:15.8-3.el9_2.src",
        "relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shim-aa64-0:15.8-3.el9_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
          "product_id": "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64"
        },
        "product_reference": "shim-aa64-0:15.8-3.el9_2.aarch64",
        "relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shim-x64-0:15.8-3.el9_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)",
          "product_id": "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
        },
        "product_reference": "shim-x64-0:15.8-3.el9_2.x86_64",
        "relates_to_product_reference": "BaseOS-9.2.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-40546",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2023-10-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2241796"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn\u0027t match the format string used by it, leading to a crash under certain circumstances.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "shim: Out-of-bounds read printing error messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
          "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
          "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-40546"
        },
        {
          "category": "external",
          "summary": "RHBZ#2241796",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241796"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40546",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-40546"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40546",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40546"
        }
      ],
      "release_date": "2024-01-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-18T01:47:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1876"
        },
        {
          "category": "workaround",
          "details": "There\u0027s no available mitigation for this issue.",
          "product_ids": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "shim: Out-of-bounds read printing error messages"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Bill Demirkapi"
          ],
          "organization": "Microsoft Security Response Center"
        }
      ],
      "cve": "CVE-2023-40547",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2023-05-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2234589"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "shim: RCE in http boot support may lead to Secure Boot bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is only exploitable when the machine is booting UEFI through the network. During startup, before loading a local boot image, Shim checks whether the system is configured to support network booting. If the check succeeds, Shim attempts to load the bootable image from the boot\u0027s previously configured server using the HTTP protocol, which exposes the system to the vulnerability described by this CVE.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
          "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
          "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-40547"
        },
        {
          "category": "external",
          "summary": "RHBZ#2234589",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-40547"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40547",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40547"
        }
      ],
      "release_date": "2024-01-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-18T01:47:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1876"
        },
        {
          "category": "workaround",
          "details": "If a system isn\u2019t required to boot from the network, configure the server\u2019s boot order to disable entirely or skip the network boot.",
          "product_ids": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "shim: RCE in http boot support may lead to Secure Boot bypass"
    },
    {
      "cve": "CVE-2023-40548",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2023-10-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2241782"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
          "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
          "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-40548"
        },
        {
          "category": "external",
          "summary": "RHBZ#2241782",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241782"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-40548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40548"
        }
      ],
      "release_date": "2023-10-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-18T01:47:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1876"
        },
        {
          "category": "workaround",
          "details": "There\u0027s no available mitigation for this issue.",
          "product_ids": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems"
    },
    {
      "cve": "CVE-2023-40549",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2023-10-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2241797"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
          "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
          "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-40549"
        },
        {
          "category": "external",
          "summary": "RHBZ#2241797",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241797"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-40549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40549"
        }
      ],
      "release_date": "2024-01-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-18T01:47:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1876"
        },
        {
          "category": "workaround",
          "details": "There\u0027s no available mitigation for this issue.",
          "product_ids": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file"
    },
    {
      "cve": "CVE-2023-40550",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2024-01-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2259915"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system\u0027s boot phase.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "shim: Out-of-bound read in verify_buffer_sbat()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
          "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
          "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-40550"
        },
        {
          "category": "external",
          "summary": "RHBZ#2259915",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259915"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40550",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-40550"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40550",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40550"
        }
      ],
      "release_date": "2024-01-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-18T01:47:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1876"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "shim: Out-of-bound read in verify_buffer_sbat()"
    },
    {
      "cve": "CVE-2023-40551",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2023-07-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2259918"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system\u0027s boot phase.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "shim: out of bounds read when parsing MZ binaries",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
          "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
          "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-40551"
        },
        {
          "category": "external",
          "summary": "RHBZ#2259918",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259918"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40551",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-40551"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40551",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40551"
        }
      ],
      "release_date": "2024-01-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-18T01:47:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1876"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-9.2.0.Z.EUS:shim-0:15.8-3.el9_2.src",
            "BaseOS-9.2.0.Z.EUS:shim-aa64-0:15.8-3.el9_2.aarch64",
            "BaseOS-9.2.0.Z.EUS:shim-x64-0:15.8-3.el9_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "shim: out of bounds read when parsing MZ binaries"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.