CVE-2023-40550

An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhatCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
redhatshim
𝑥
< 15.8
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
shim
bullseye
15.8-1~deb11u1
fixed
bookworm
15.8-1~deb12u1
fixed
trixie
15.8-1
fixed
sid
15.8-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
secureboot-db
oracular
not-affected
noble
not-affected
mantic
not-affected
lunar
ignored
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
shim
oracular
Fixed 15.8-0ubuntu1
released
noble
Fixed 15.8-0ubuntu1
released
mantic
ignored
lunar
ignored
jammy
needed
focal
needed
bionic
needs-triage
xenial
ignored
trusty
ignored
shim-signed
oracular
Fixed 1.58
released
noble
Fixed 1.58
released
mantic
ignored
lunar
ignored
jammy
needed
focal
needed
bionic
needs-triage
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2024:1834
https://access.redhat.com/errata/RHSA-2024:1835
https://access.redhat.com/errata/RHSA-2024:1873
https://access.redhat.com/errata/RHSA-2024:1876
https://access.redhat.com/errata/RHSA-2024:1883
https://access.redhat.com/errata/RHSA-2024:1902
https://access.redhat.com/errata/RHSA-2024:1903
https://access.redhat.com/errata/RHSA-2024:1959
https://access.redhat.com/errata/RHSA-2024:2086
https://access.redhat.com/security/cve/CVE-2023-40550
https://bugzilla.redhat.com/show_bug.cgi?id=2259915
https://access.redhat.com/errata/RHSA-2024:1834
https://access.redhat.com/errata/RHSA-2024:1835
https://access.redhat.com/errata/RHSA-2024:1873
https://access.redhat.com/errata/RHSA-2024:1876
https://access.redhat.com/errata/RHSA-2024:1883
https://access.redhat.com/errata/RHSA-2024:1902
https://access.redhat.com/errata/RHSA-2024:1903
https://access.redhat.com/errata/RHSA-2024:1959
https://access.redhat.com/errata/RHSA-2024:2086
https://access.redhat.com/security/cve/CVE-2023-40550
https://bugzilla.redhat.com/show_bug.cgi?id=2259915
https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html