CVE-2023-40550

2024-01-2300:00:00

ubuntu.com

cve-2023-40550

uefi

secure boot

key revocation

evil housekeeper attacks

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

An out-of-bounds read flaw was found in Shim when it tried to validate the
SBAT information. This issue may expose sensitive data during the system’s
boot phase.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/shim/+bug/2051151>

Notes

Author	Note
eslerm	UEFI Security Response Team states that dbx update is not needed
eslerm	secureboot-db should only ever be updated after shim secureboot-db is not updated on ESM releases as doing so would revoke install media keys Note that key revocation is required to protect against evil housekeeper attacks (such as BlackLotus) see also e7f5fdf (“pe-relocate: Ensure nothing else implements CVE-2023-40550”)

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchshim< anyUNKNOWN
ubuntu20.04noarchshim< anyUNKNOWN
ubuntu22.04noarchshim< anyUNKNOWN
ubuntu23.10noarchshim< anyUNKNOWN
ubuntu24.04noarchshim< 15.8-0ubuntu1UNKNOWN
ubuntu18.04noarchshim-signed< anyUNKNOWN
ubuntu20.04noarchshim-signed< anyUNKNOWN
ubuntu22.04noarchshim-signed< anyUNKNOWN
ubuntu23.10noarchshim-signed< anyUNKNOWN
ubuntu24.04noarchshim-signed< 15.8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	shim	< any	UNKNOWN
ubuntu	20.04	noarch	shim	< any	UNKNOWN
ubuntu	22.04	noarch	shim	< any	UNKNOWN
ubuntu	23.10	noarch	shim	< any	UNKNOWN
ubuntu	24.04	noarch	shim	< 15.8-0ubuntu1	UNKNOWN
ubuntu	18.04	noarch	shim-signed	< any	UNKNOWN
ubuntu	20.04	noarch	shim-signed	< any	UNKNOWN
ubuntu	22.04	noarch	shim-signed	< any	UNKNOWN
ubuntu	23.10	noarch	shim-signed	< any	UNKNOWN
ubuntu	24.04	noarch	shim-signed	< 15.8	UNKNOWN