AZL-35255 CVE-2023-40548 affecting package shim for versions less than 15.8-3

🗓️ 29 Jan 2024 15:15:08Reported by GoogleType

osv

osv🔗 osv.dev👁 2 Views

Shim library 32-bit overflow from PE parsing user input causing heap corruption during boot.

Reporter	Title	Published	Views	Family All 140
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	6 Jun 202414:36	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in shim library (CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551) affect Power HMC.	10 Sep 202414:51	–	ibm
Tenable Nessus	Alibaba Cloud Linux 3 : 0114: shim (ALINUX3-SA-2024:0114)	14 May 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: shim / shim-unsigned-aarch64 / shim-unsigned-x64 (CVE-2023-40548)	10 Feb 202500:00	–	nessus
Tenable Nessus	CentOS 7 : shim (RHSA-2024:1959)	26 Apr 202400:00	–	nessus
Tenable Nessus	Debian dla-3813 : shim-helpers-amd64-signed-template - security update	14 May 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : shim (EulerOS-SA-2024-1227)	12 Mar 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : shim (EulerOS-SA-2024-1249)	12 Mar 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.1 : shim (EulerOS-SA-2024-1619)	15 May 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.0 : shim (EulerOS-SA-2024-1638)	15 May 202400:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-40548

21 Apr 2026 04:27Current

7.3High risk

Vulners AI Score7.3

CVSS 3.17.4

EPSS0.00032

shim 32-bit user input pe parsing heap overflow memory allocation boot phase older versions 15.8-3