PT-2024-2762 · Shim+6

Marco Benatto · Published 2023-10-03 · Updated 2025-03-07 · CVE-2023-40548

CVSS v3.1: 7.4 (High)
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Shim versions for 32-bit systems

Description: The issue is a heap-based buffer overflow in the UEFI boot loader shim for 32-bit systems. The overflow stems from an addition operation involving a user-controlled value parsed from the PE binary that shim loads; the result is then used for memory allocation operations, so when the addition overflows the allocated buffer is smaller than the data written into it. This flaw can cause memory corruption and may result in a crash or data integrity issues during the boot phase.

Recommendations: For Shim versions for 32-bit systems, consider disabling the vulnerable component until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
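The description above names the bug class (an unchecked addition on an attacker-controlled size, whose wrapped result becomes a heap allocation size) without showing it. The following is an added illustration written for this record, not code from shim and not a reproduction of the affected shim routine: it models the arithmetic with explicit 32-bit unsigned types so the wrap-around behaves the same on a 64-bit host, and places the unchecked computation beside the overflow-safe check a loader should apply before allocating. `HEADER_OVERHEAD`, `alloc_size_unchecked`, `alloc_size_checked` and `load_section_hardened` are hypothetical names chosen for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed overhead a loader adds to a size field parsed from the
 * untrusted PE image. On a 32-bit build the sum is computed in 32 bits. */
#define HEADER_OVERHEAD 0x40u

/* Unchecked form: the addition silently wraps modulo 2^32, so a parsed
 * length close to UINT32_MAX yields a tiny allocation size. */
uint32_t alloc_size_unchecked(uint32_t parsed_len)
{
    return parsed_len + HEADER_OVERHEAD;
}

/* Checked form: refuse any parsed length whose sum would wrap. Returns false
 * on overflow and leaves *out untouched. */
bool alloc_size_checked(uint32_t parsed_len, uint32_t *out)
{
    if (parsed_len > UINT32_MAX - HEADER_OVERHEAD)
        return false;
    *out = parsed_len + HEADER_OVERHEAD;
    return true;
}

/* Detection helper for the unchecked path: returns 1 when the computed
 * allocation is smaller than the payload the parser intends to copy into it,
 * which is exactly the heap-overflow condition described above. */
int unchecked_would_overflow(uint32_t parsed_len)
{
    return alloc_size_unchecked(parsed_len) < parsed_len ? 1 : 0;
}

/* Hardened loader step: validates the size arithmetic and bounds the declared
 * length by the bytes actually read from the image before allocating. Returns
 * NULL when the input is rejected; caller frees the result. */
unsigned char *load_section_hardened(const unsigned char *img,
                                     uint32_t parsed_len, size_t img_len)
{
    uint32_t sz;
    if (!alloc_size_checked(parsed_len, &sz))
        return NULL;               /* addition would wrap */
    if (parsed_len > img_len)
        return NULL;               /* declared length exceeds the image read */
    unsigned char *buf = malloc(sz);
    if (!buf)
        return NULL;
    memset(buf, 0, HEADER_OVERHEAD);
    memcpy(buf + HEADER_OVERHEAD, img, parsed_len);
    return buf;
}

int main(void)
{
    /* Constructed sample value: a hostile size field near the 32-bit limit. */
    uint32_t hostile = 0xFFFFFFF0u;
    printf("unchecked size for 0x%08x: 0x%08x (overflow=%d)\n",
           hostile, alloc_size_unchecked(hostile),
           unchecked_would_overflow(hostile));

    uint32_t sz;
    printf("checked path accepts it: %s\n",
           alloc_size_checked(hostile, &sz) ? "yes" : "no");

    unsigned char img[16] = {0};   /* constructed 16-byte stand-in image */
    unsigned char *ok = load_section_hardened(img, sizeof img, sizeof img);
    printf("hardened load of a sane length: %s\n", ok ? "ok" : "rejected");
    free(ok);
    return 0;
}
```

The checked comparison is written against `UINT32_MAX - HEADER_OVERHEAD` rather than testing the sum afterwards, because the sum itself is the thing that wraps; the second bound (declared length versus bytes actually read) is the companion check that stops a well-formed but lying header from driving the copy past the source buffer.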

Weakness Enumeration

Memory Corruption
Integer Overflow

Related Identifiers

ALSA-2024:1902
ALSA-2024:1903
ALT-PU-2024-1671
ALT-PU-2024-1869
ALT-PU-2024-1877
ALT-PU-2024-4050
AZL-34093
AZL-34197
AZL-35255
AZL-35263
AZL-35275
BDU:2024-02896
CESA-2024_1902
CVE-2023-40548
DLA-3813-1
OESA-2024-1117
OESA-2024-1118
OESA-2024-1119
OESA-2024-1120
OPENSUSE-SU-2024_1368-1
RHSA-2024:1834
RHSA-2024:1835
RHSA-2024:1873
RHSA-2024:1876
RHSA-2024:1883
RHSA-2024:1902
RHSA-2024:1903
RHSA-2024:1959
RHSA-2024:2086
RHSA-2024_1902
RHSA-2024_1903
RHSA-2024_1959
SUSE-SU-2024:1368-1
SUSE-SU-2024:1461-1
SUSE-SU-2024:1462-1
SUSE-SU-2025:20136-1

Affected Products

Alt Linux
Almalinux
Centos
Red Hat
Red Os
Suse
Shim