CVE-2023-40547
HIGH EPSS 90.9%
Published Jan 25, 2024 (2y ago) · Modified Jun 26, 2026 (6d ago)
8.3 CVSS 3.1
Description
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase; an attacker needs to perform a Man-in-the-Middle attack or compromise the boot server to exploit this vulnerability successfully.
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Attack Vector: Adjacent
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: High
Threat Intelligence
EPSS Exploit Probability
90.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
- CWE-346
- CWE-787: Out-of-bounds Write (Memory Safety)
Affected Products 4
References 13
- openwall.com http://www.openwall.com/lists/oss-security/2024/01/26/1
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1834
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1835
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1873
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1876
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1883
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1902
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1903
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:1959
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:2086
- access.redhat.com https://access.redhat.com/security/cve/CVE-2023-40547
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2234589
- lists.debian.org https://lists.debian.org/debian-lts-announce/2024/05/msg00009.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.