CVE-2023-40550

EUVD-2023-45121
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.5 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| redhat | CNA | 5.5 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score percentile: 6%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| redhat | shim | 𝑥 < 15.8 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |

𝑥 = Vulnerable software versions
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| shim | bookworm | 15.8-1~deb12u1 | fixed |
| shim | bullseye | 15.8-1~deb11u1 | fixed |
| shim | sid | 15.8-1 | fixed |
| shim | trixie | 15.8-1 | fixed |
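Ubuntu Releases

| Ubuntu Product | Codename | Fixed version | Status |
|---|---|---|---|
| secureboot-db | bionic | | not-affected |
| secureboot-db | focal | | not-affected |
| secureboot-db | jammy | | not-affected |
| secureboot-db | lunar | | ignored |
| secureboot-db | mantic | | not-affected |
| secureboot-db | noble | | not-affected |
| secureboot-db | oracular | | not-affected |
| secureboot-db | trusty | | not-affected |
| secureboot-db | xenial | | not-affected |
| shim | bionic | | needs-triage |
| shim | focal | | needed |
| shim | jammy | | needed |
| shim | lunar | | ignored |
| shim | mantic | | ignored |
| shim | noble | 15.8-0ubuntu1 | released |
| shim | oracular | 15.8-0ubuntu1 | released |
| shim | trusty | | ignored |
| shim | xenial | | ignored |
| shim-signed | bionic | | needs-triage |
| shim-signed | focal | | needed |
| shim-signed | jammy | | needed |
| shim-signed | lunar | | ignored |
| shim-signed | mantic | | ignored |
| shim-signed | noble | 1.58 | released |
| shim-signed | oracular | 1.58 | released |
| shim-signed | trusty | | ignored |
| shim-signed | xenial | | ignored |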