CVE-2023-40547

EUVD-2023-45118
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.3 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
redhatCNA
8.3 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
redhatshim
𝑥
< 15.8
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5055547
1607 (x64, x86)
KB5055521
1809 (x64, x86)
KB5055519
21H2 (arm64, x64, x86)
KB5055518
22H2 (arm64, x64, x86)
KB5055518
Windows 11
21H2 (arm64, x64)
KB5041592
22H2 (arm64, x64)
KB5055528
23H2 (arm64, x64)
KB5055528
24H2 (arm64)
KB5055523
24H2 (x64)
KB5055528
Windows Server 2012
Server Core
KB5055581
Standard
KB5055581
Windows Server 2012 R2
Server Core
KB5055557
Standard
KB5055557
Windows Server 2016
Server Core
KB5055521
Standard
KB5055521
Windows Server 2019
Server Core
KB5055519
Standard
KB5055519
Windows Server 2022
23H2 Server Core
KB5055527
Server Core
KB5055526
Standard
KB5055526
Debian logo
Debian Releases
Debian Product
Codename
shim
bookworm
15.8-1~deb12u1
fixed
bullseye
15.8-1~deb11u1
fixed
sid
15.8-1
fixed
trixie
15.8-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
secureboot-db
bionic
not-affected
focal
not-affected
jammy
not-affected
lunar
ignored
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
not-affected
xenial
not-affected
shim
bionic
needs-triage
focal
needed
jammy
needed
lunar
ignored
mantic
ignored
noble
Fixed 15.8-0ubuntu1
released
oracular
Fixed 15.8-0ubuntu1
released
trusty
ignored
xenial
ignored
shim-signed
bionic
needs-triage
focal
needed
jammy
needed
lunar
ignored
mantic
ignored
noble
Fixed 1.58
released
oracular
Fixed 1.58
released
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2024:1834
https://access.redhat.com/errata/RHSA-2024:1835
https://access.redhat.com/errata/RHSA-2024:1873
https://access.redhat.com/errata/RHSA-2024:1876
https://access.redhat.com/errata/RHSA-2024:1883
https://access.redhat.com/errata/RHSA-2024:1902
https://access.redhat.com/errata/RHSA-2024:1903
https://access.redhat.com/errata/RHSA-2024:1959
https://access.redhat.com/errata/RHSA-2024:2086
https://access.redhat.com/security/cve/CVE-2023-40547
https://bugzilla.redhat.com/show_bug.cgi?id=2234589
http://www.openwall.com/lists/oss-security/2024/01/26/1
https://access.redhat.com/errata/RHSA-2024:1834
https://access.redhat.com/errata/RHSA-2024:1835
https://access.redhat.com/errata/RHSA-2024:1873
https://access.redhat.com/errata/RHSA-2024:1876
https://access.redhat.com/errata/RHSA-2024:1883
https://access.redhat.com/errata/RHSA-2024:1902
https://access.redhat.com/errata/RHSA-2024:1903
https://access.redhat.com/errata/RHSA-2024:1959
https://access.redhat.com/errata/RHSA-2024:2086
https://access.redhat.com/security/cve/CVE-2023-40547
https://bugzilla.redhat.com/show_bug.cgi?id=2234589
https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html