CVE-2023-40547
Shim: rce in http boot support may lead to secure boot bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
Se encontró una vulnerabilidad de ejecución remota de código en Shim. El soporte de arranque Shim confía en los valores controlados por el atacante al analizar una respuesta HTTP. Este fallo permite a un atacante manipular una solicitud HTTP maliciosa específica, lo que lleva a una escritura fuera de los límites completamente controlada primitiva y a un compromiso completo del sistema.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-08-15 CVE Reserved
- 2024-01-25 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-346: Origin Validation Error
- CWE-787: Out-of-bounds Write
CAPEC
References (13)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2024/01/26/1 | 2024-06-10 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:1834 | 2024-06-10 | |
| https://access.redhat.com/errata/RHSA-2024:1835 | 2024-06-10 | |
| https://access.redhat.com/errata/RHSA-2024:1873 | 2024-06-10 | |
| https://access.redhat.com/errata/RHSA-2024:1876 | 2024-06-10 | |
| https://access.redhat.com/errata/RHSA-2024:1883 | 2024-06-10 | |
| https://access.redhat.com/errata/RHSA-2024:1902 | 2024-06-10 | |
| https://access.redhat.com/errata/RHSA-2024:1903 | 2024-06-10 | |
| https://access.redhat.com/errata/RHSA-2024:1959 | 2024-06-10 | |
| https://access.redhat.com/errata/RHSA-2024:2086 | 2024-06-10 | |
| https://access.redhat.com/security/cve/CVE-2023-40547 | 2024-04-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2234589 | 2024-04-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Shim Search vendor "Redhat" for product "Shim" | < 15.8 Search vendor "Redhat" for product "Shim" and version " < 15.8" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
| ||||||