A buffer overflow was found in Shim on 32-bit systems. The overflow is caused by an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
Fixes

Solution

No solution given by the vendor.


Workaround

There's no available mitigation for this issue.

History

Thu, 29 May 2025 16:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Tue, 01 Oct 2024 14:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 6.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H'}
Values Added: cvssV3_1 {'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 18 Sep 2024 09:15:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H'}
Values Added: cvssV3_1 {'score': 6.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H'}


Fri, 06 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
References

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T06:14:58.853Z

Reserved: 2023-08-15T20:04:15.615Z

Link: CVE-2023-40548

Vulnrichment

Updated: 2024-08-02T18:38:50.361Z

NVD

Status: Modified

Published: 2024-01-29T15:15:08.893

Modified: 2024-11-21T08:19:41.833

Link: CVE-2023-40548

Redhat

Severity: Moderate

Public Date: 2023-10-03T00:00:00Z

Links: CVE-2023-40548 - Bugzilla

OpenCVE Enrichment

No data.