Lucene search
PRIOn knowledge basePRION:CVE-2023-40547HistoryJan 25, 2024 - 4:15 p.m.
Remote code execution
2024-01-2516:15:00
PRIOn knowledge base
www.prio-n.com
11
remote execution
vulnerability
shim
http
out-of-bounds write
system compromise
early boot phase
man-in-the-middle
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
| CPE | Name | Operator | Version |
|---|---|---|---|
| enterprise_linux | eq | 7.0 | |
| enterprise_linux | eq | 8.0 | |
| enterprise_linux | eq | 9.0 | |
| shim | lt | 15.8 |
Related
osv
osv
CVE-2023-40547
2024-01-25 16:15:07
Important: shim security update
2024-04-18 00:00:00
Important: shim bug fix update
2024-04-18 00:00:00
debiancve
debiancve
CVE-2023-40547
2024-01-25 16:15:07
redhatcve
redhatcve
CVE-2023-40547
2024-01-24 13:48:11
amazon
amazon
Important: shim
2024-02-29 10:03:00
cve
cve
CVE-2023-40547
2024-01-25 16:15:07
CVE-2023-4524
2023-08-25 22:15:11
nvd
nvd
CVE-2023-40547
2024-01-25 16:15:07
CVE-2023-4524
2023-08-25 22:15:11
nessus
nessus
Amazon Linux 2 : shim (ALAS-2024-2484)
2024-03-05 00:00:00
EulerOS 2.0 SP10 : shim (EulerOS-SA-2024-1579)
2024-05-09 00:00:00
EulerOS 2.0 SP9 : shim (EulerOS-SA-2024-1518)
2024-04-08 00:00:00
cnvd
cnvd
Shim Buffer Overflow Vulnerability
2024-02-22 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2354
2024-02-20 09:39:18
Advisory ROSA-SA-2024-2353
2024-02-20 09:38:41
Advisory ROSA-SA-2024-2385
2024-03-28 06:53:29
ubuntucve
ubuntucve
CVE-2023-40547
2024-01-23 00:00:00
cvelist
cvelist
CVE-2023-40547 Shim: rce in http boot support may lead to secure boot bypass
2024-01-25 15:54:23
openvas
openvas
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1602)
2024-05-10 00:00:00
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1518)
2024-04-08 00:00:00
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1497)
2024-04-08 00:00:00
prion
prion
Open redirect
2023-08-25 22:15:00
fedora
fedora
[SECURITY] Fedora 38 Update: shim-unsigned-x64-15.8-2
2024-03-18 02:18:45
[SECURITY] Fedora 38 Update: shim-15.8-2
2024-03-18 02:18:44
[SECURITY] Fedora 38 Update: shim-unsigned-aarch64-15.8-2
2024-03-18 02:18:45
redhat
redhat
(RHSA-2024:1873) Important: shim security update
2024-04-18 00:58:14
(RHSA-2024:1835) Important: shim security update
2024-04-16 13:34:49
(RHSA-2024:1903) Important: shim bug fix update
2024-04-18 07:49:05
debian
debian
[SECURITY] [DLA 3813-1] shim security update
2024-05-14 09:57:15
oraclelinux
oraclelinux
shim security update
2024-04-25 00:00:00
shim bug fix update
2024-04-22 00:00:00
shim security update
2024-05-01 00:00:00
almalinux
almalinux
Important: shim security update
2024-04-18 00:00:00
Important: shim bug fix update
2024-04-18 00:00:00
redos
redos
ROS-20240411-07
2024-04-11 00:00:00
thn
thn
Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros
2024-02-07 13:33:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-06-06 14:36:19