fkie_nvd - fkie_cve-2023-40548

fkie_cve-2023-40548

Vulnerability from fkie_nvd

Published

2024-01-29 15:15

Modified

2024-11-21 08:19

Severity ?

7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:1834
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:1835
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:1873
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:1876
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:1883
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:1902
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:1903
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:1959
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:2086
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2023-40548	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2241782	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:1834
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:1835
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:1873
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:1876
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:1883
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:1902
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:1903
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:1959
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:2086
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2023-40548	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2241782	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html

Impacted products

Vendor	Product	Version
redhat	shim	*
redhat	shim	15.8
fedoraproject	fedora	39

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01639865-3664-4034-BCFB-F4E09AF37F28",
              "versionEndExcluding": "15.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:shim:15.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BF11AEF9-B742-46DC-94D2-6160B93767BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en Shim en el sistema de 32 bits. El desbordamiento ocurre debido a una operaci\u00f3n de suma que involucra un valor controlado por el usuario analizado del binario PE que utiliza Shim. Este valor se utiliza adem\u00e1s para operaciones de asignaci\u00f3n de memoria, lo que provoca un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria. Esta falla causa da\u00f1os en la memoria y puede provocar fallas o problemas de integridad de los datos durante la fase de inicio."
    }
  ],
  "id": "CVE-2023-40548",
  "lastModified": "2024-11-21T08:19:41.833",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-29T15:15:08.893",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40548"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-40548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-40548 (GCVE-0-2023-40548)

Vulnerability from cvelistv5

Published

2024-01-29 14:53

Modified

2025-05-29 15:09

Severity ?

7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Summary

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:1834	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1835	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1873	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1876	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1883	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1902	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1903	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1959	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:2086	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-40548	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2241782	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

►

Red Hat

Red Hat Enterprise Linux 7

Unaffected: 0:15.8-3.el7   < *
    cpe:/o:redhat:enterprise_linux:7::client
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::workstation

Red Hat	Red Hat Enterprise Linux 7	Unaffected: 0:15.8-1.el7 < * cpe:/o:redhat:enterprise_linux:7::client cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::workstation
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:15.8-4.el8_9 < * cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:15.8-2.el8_2 < * cpe:/o:redhat:rhel_tus:8.2::baseos cpe:/o:redhat:rhel_e4s:8.2::baseos cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Telecommunications Update Service	Unaffected: 0:15.8-2.el8_2 < * cpe:/o:redhat:rhel_tus:8.2::baseos cpe:/o:redhat:rhel_e4s:8.2::baseos cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	Unaffected: 0:15.8-2.el8_2 < * cpe:/o:redhat:rhel_tus:8.2::baseos cpe:/o:redhat:rhel_e4s:8.2::baseos cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:15.8-2.el8_4 < * cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 0:15.8-2.el8_4 < * cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 0:15.8-2.el8_4 < * cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	Unaffected: 0:15.8-2.el8_6 < * cpe:/o:redhat:rhel_eus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:15.8-2.el8 < * cpe:/a:redhat:rhel_eus:8.8::crb cpe:/o:redhat:rhel_eus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 0:15.8-2.el8 < * cpe:/a:redhat:rhel_eus:8.8::crb cpe:/o:redhat:rhel_eus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:15.8-4.el9_3 < * cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	Unaffected: 0:15.8-3.el9 < * cpe:/a:redhat:rhel_eus:9.0::appstream cpe:/a:redhat:rhel_eus:9.0::crb cpe:/o:redhat:rhel_eus:9.0::baseos
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	Unaffected: 0:15.8-2.el9 < * cpe:/a:redhat:rhel_eus:9.0::appstream cpe:/a:redhat:rhel_eus:9.0::crb cpe:/o:redhat:rhel_eus:9.0::baseos
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	Unaffected: 0:15.8-2.el9 < * cpe:/a:redhat:rhel_eus:9.0::appstream cpe:/a:redhat:rhel_eus:9.0::crb cpe:/o:redhat:rhel_eus:9.0::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 0:15.8-3.el9_2 < * cpe:/o:redhat:rhel_eus:9.2::baseos

Show details on NVD website