Vulnerabilities > CVE-2023-40548 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.4 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

redhat

fedoraproject

CWE-787

NVD

Published: 2024-01-29

Updated: 2024-05-08

Summary

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Shim - Redhat Shim 0.3 Redhat Shim 0.4 Redhat Shim 0.5 Redhat Shim 0.7 Redhat Shim 0.8 Redhat Shim 0.9 Redhat Shim 1.0.4 Redhat Shim 1.0.5 Redhat Shim 1.0.6 Redhat Shim 1.0.7 Redhat Shim 1.0.8 Redhat Shim 1.0.9 Redhat Shim 1.1.0 Redhat Shim 1.1.1 Redhat Shim 10 Redhat Shim 11 Redhat Shim 12 Redhat Shim 13 Redhat Shim 14 Redhat Shim 15 Redhat Shim 15.1 Redhat Shim 15.2 Redhat Shim 15.3 Redhat Shim 15.4 Redhat Shim 15.5 Redhat Shim 15.6 Redhat Shim 15.7 Redhat Shim 15.8	36
OS	Fedoraproject Fedoraproject Fedora 39	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References