CVE-2023-40550 - OpenCVE

An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Shim Enterprise Linux
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:1834
https://access.redhat.com/errata/RHSA-2024:1835
https://access.redhat.com/errata/RHSA-2024:1873
https://access.redhat.com/errata/RHSA-2024:1876
https://access.redhat.com/errata/RHSA-2024:1883
https://access.redhat.com/errata/RHSA-2024:1902
https://access.redhat.com/errata/RHSA-2024:1903
https://access.redhat.com/errata/RHSA-2024:1959
https://access.redhat.com/errata/RHSA-2024:2086
https://access.redhat.com/security/cve/CVE-2023-40550	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2259915	Issue Tracking Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2024-01-29T16:29:23.050Z

Updated: 2024-05-01T20:20:59.624Z

Reserved: 2023-08-15T20:04:15.615Z

Link: CVE-2023-40550

JSON object: View

NVD Information

Status : Modified

Published: 2024-01-29T17:15:08.773

Modified: 2024-06-10T18:15:22.887

Link: CVE-2023-40550

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-40550", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-08-15T20:04:15.615Z", "datePublished": "2024-01-29T16:29:23.050Z", "dateUpdated": "2024-05-01T20:20:59.624Z"}, "containers": {"cna": {"title": "Shim: out-of-bound read in verify_buffer_sbat()", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-3.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::client"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim-signed", "defaultStatus": "affected", "versions": [{"version": "0:15.8-1.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::client"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-4.el8_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8_6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim-unsigned-x64", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-4.el9_3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-3.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim-unsigned-aarch64", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim-unsigned-x64", "defaultStatus": "affected", "versions": [{"version": "0:15.8-2.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "shim", "defaultStatus": "affected", "versions": [{"version": "0:15.8-3.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.2::baseos"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1834", "name": "RHSA-2024:1834", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1835", "name": "RHSA-2024:1835", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1873", "name": "RHSA-2024:1873", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1876", "name": "RHSA-2024:1876", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1883", "name": "RHSA-2024:1883", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1902", "name": "RHSA-2024:1902", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1903", "name": "RHSA-2024:1903", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1959", "name": "RHSA-2024:1959", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2086", "name": "RHSA-2024:2086", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-40550", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259915", "name": "RHBZ#2259915", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"}], "datePublic": "2024-01-23T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-125: Out-of-bounds Read", "timeline": [{"lang": "en", "time": "2024-01-23T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-23T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-05-01T20:20:59.624Z"}}}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*", "matchCriteriaId": "01639865-3664-4034-BCFB-F4E09AF37F28", "versionEndExcluding": "15.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de lectura fuera de los l\u00edmites en Shim cuando intent\u00f3 validar la informaci\u00f3n SBAT. Este problema puede exponer datos confidenciales durante la fase de inicio del sistema."}], "id": "CVE-2023-40550", "lastModified": "2024-06-10T18:15:22.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-01-29T17:15:08.773", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1834"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1835"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1873"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1876"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1883"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1902"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1903"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1959"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2086"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-40550"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259915"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}]}