AZL-34197 CVE-2023-40548 affecting package shim for versions less than 15.8-1

🗓️ 29 Jan 2024 15:15:08Reported by GoogleType

osv🔗 osv.dev👁 3 Views

AZL-34197 CVE-2023-40548: Shim 32-bit before 15.8-1 overflows from a user-controlled PE value used in memory allocation, causing heap overflow and boot-time crashes.

Reporter	Title	Published	Views	Family All 139
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	6 Jun 202414:36	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in shim library (CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551) affect Power HMC.	10 Sep 202414:51	–	ibm
Tenable Nessus	Alibaba Cloud Linux 3 : 0114: shim (ALINUX3-SA-2024:0114)	14 May 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: shim / shim-unsigned-aarch64 / shim-unsigned-x64 (CVE-2023-40548)	10 Feb 202500:00	–	nessus
Tenable Nessus	CentOS 7 : shim (RHSA-2024:1959)	26 Apr 202400:00	–	nessus
Tenable Nessus	Debian dla-3813 : shim-helpers-amd64-signed-template - security update	14 May 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : shim (EulerOS-SA-2024-1227)	12 Mar 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : shim (EulerOS-SA-2024-1249)	12 Mar 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.1 : shim (EulerOS-SA-2024-1619)	15 May 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.0 : shim (EulerOS-SA-2024-1638)	15 May 202400:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-40548

21 Apr 2026 04:27Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.4

EPSS0.00032