Vulnerability Details : CVE-2023-40548
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2023-40548
- cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:shim:15.8:rc1:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-40548
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-40548
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.4
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
1.4
|
5.9
|
NIST | 2024-02-06 |
|
7.4
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
1.4
|
5.9
|
Red Hat, Inc. | 2024-10-01 |
|
6.9
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H |
1.4
|
5.5
|
Red Hat, Inc. | 2024-09-18 |
|
6.2
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H |
1.4
|
4.7
|
Red Hat, Inc. | 2024-04-04 |
|
4.9
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
1.4
|
3.4
|
Red Hat, Inc. | 2024-01-29 |
CWE ids for CVE-2023-40548
-
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().Assigned by: secalert@redhat.com (Secondary)
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Primary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2023-40548
-
https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html
[SECURITY] [DLA 3813-1] shim security update
-
https://access.redhat.com/errata/RHSA-2024:1959
RHSA-2024:1959 - Security Advisory - Red Hat カスタマーポータル
-
https://access.redhat.com/errata/RHSA-2024:1883
RHSA-2024:1883 - Security Advisory - Red Hat Customer Portal
-
https://bugzilla.redhat.com/show_bug.cgi?id=2241782
2241782 – (CVE-2023-40548) CVE-2023-40548 shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systemsIssue Tracking;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2024:1873
RHSA-2024:1873 - Security Advisory - Red Hat カスタマーポータル
-
https://access.redhat.com/errata/RHSA-2024:1835
RHSA-2024:1835 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2024:1876
RHSA-2024:1876 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2024:1834
RHSA-2024:1834 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2024:1903
RHSA-2024:1903 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2024:2086
RHSA-2024:2086 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2024:1902
RHSA-2024:1902 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/security/cve/CVE-2023-40548
CVE-2023-40548- Red Hat Customer PortalVendor Advisory
Jump to