CVE-2023-40547

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.

References

Affected packages

Git / github.com/rhboot/shim

Affected ranges

Type

GIT

Repo

https://github.com/rhboot/shim

Events

Introduced

Fixed

5914984a1ffeab841f482c791426d7ca9935a5e6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "15.8"
        }
    ]
}

Affected versions

0.*

0.3

0.4

0.5

0.7

0.8

0.9

Other

15.*

15.2

15.3

15.4

15.5

15.5-rc2

15.6

15.6-rc2

15.7

shim-15.*

shim-15.3-rc1

shim-15.3-rc2

shim-15.3-rc3

shim-15.3-rc4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40547.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]