{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-40547", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-08-15T20:04:15.615Z", "datePublished": "2024-01-25T15:54:23.102Z", "dateUpdated": "2024-11-24T14:19:00.724Z"}, "containers": {"cna": {"title": "Shim: rce in http boot support may lead to secure boot bypass", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-3.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim-signed", "defaultStatus": "affected", "versions": [{"version": "0:15.8-1.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-4.el8_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim-unsigned-x64", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-4.el9_3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-3.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim-unsigned-aarch64", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim-unsigned-x64", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-3.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.2::baseos"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1834", "name": "RHSA-2024:1834", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1835", "name": "RHSA-2024:1835", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1873", "name": "RHSA-2024:1873", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1876", "name": "RHSA-2024:1876", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1883", "name": "RHSA-2024:1883", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1902", "name": "RHSA-2024:1902", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1903", "name": "RHSA-2024:1903", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1959", "name": "RHSA-2024:1959", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2086", "name": "RHSA-2024:2086", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-40547", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589", "name": "RHBZ#2234589", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-01-23T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-346->CWE-787: Origin Validation Error leads to Out-of-bounds Write", "workarounds": [{"lang": "en", "value": "If a system isn\u2019t required to boot from the network, configure the server\u2019s boot order to disable entirely or skip the network boot."}], "timeline": [{"lang": "en", "time": "2023-05-05T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-23T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Bill Demirkapi (Microsoft Security Response Center) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-24T14:19:00.724Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:38:50.942Z"}, "title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/01/26/1", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1834", "name": "RHSA-2024:1834", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1835", "name": "RHSA-2024:1835", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1873", "name": "RHSA-2024:1873", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1876", "name": "RHSA-2024:1876", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1883", "name": "RHSA-2024:1883", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1902", "name": "RHSA-2024:1902", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1903", "name": "RHSA-2024:1903", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1959", "name": "RHSA-2024:1959", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2086", "name": "RHSA-2024:2086", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-40547", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589", "name": "RHBZ#2234589", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*", "matchCriteriaId": "01639865-3664-4034-BCFB-F4E09AF37F28", "versionEndExcluding": "15.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Shim. El soporte de arranque Shim conf\u00eda en los valores controlados por el atacante al analizar una respuesta HTTP. Este fallo permite a un atacante manipular una solicitud HTTP maliciosa espec\u00edfica, lo que lleva a una escritura fuera de los l\u00edmites completamente controlada primitiva y a un compromiso completo del sistema."}], "id": "CVE-2023-40547", "lastModified": "2024-11-21T08:19:41.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-25T16:15:07.717", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1834"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1835"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1873"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1876"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1883"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1902"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1903"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1959"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2086"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-40547"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/01/26/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1834"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1835"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1876"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1902"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1903"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1959"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2086"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-40547"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-346"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Bill Demirkapi (Microsoft Security Response Center) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:1959", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "shim-0:15.8-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-04-23T00:00:00Z"}, {"advisory": "RHSA-2024:1959", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "shim-signed-0:15.8-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-04-23T00:00:00Z"}, {"advisory": "RHSA-2024:1902", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "shim-0:15.8-4.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1834", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "shim-0:15.8-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1834", "cpe": "cpe:/o:redhat:rhel_tus:8.2", "package": "shim-0:15.8-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1834", "cpe": "cpe:/o:redhat:rhel_e4s:8.2", "package": "shim-0:15.8-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1873", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "shim-0:15.8-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1873", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "shim-0:15.8-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1873", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "shim-0:15.8-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:2086", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "shim-0:15.8-2.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:1883", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "shim-0:15.8-2.el8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1883", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "shim-unsigned-x64-0:15.8-2.el8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1903", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "shim-0:15.8-4.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1835", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "shim-0:15.8-3.el9", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1835", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "shim-unsigned-aarch64-0:15.8-2.el9", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1835", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "shim-unsigned-x64-0:15.8-2.el9", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-04-16T00:00:00Z"}, {"advisory": "RHSA-2024:1876", "cpe": "cpe:/o:redhat:rhel_eus:9.2", "package": "shim-0:15.8-3.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-04-18T00:00:00Z"}], "bugzilla": {"description": "shim: RCE in http boot support may lead to Secure Boot bypass", "id": "2234589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-346->CWE-787", "details": ["A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.", "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully."], "mitigation": {"lang": "en:us", "value": "If a system isn\u2019t required to boot from the network, configure the server\u2019s boot order to disable entirely or skip the network boot."}, "name": "CVE-2023-40547", "public_date": "2024-01-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-40547\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-40547"], "statement": "This flaw is only exploitable when the machine is booting UEFI through the network. During startup, before loading a local boot image, Shim checks whether the system is configured to support network booting. If the check succeeds, Shim attempts to load the bootable image from the boot's previously configured server using the HTTP protocol, which exposes the system to the vulnerability described by this CVE.", "threat_severity": "Important", "upstream_fix": "shim 15.8"}