Описание
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | sbat only update |
| esm-infra-legacy/trusty | not-affected | sbat only update |
| esm-infra/bionic | not-affected | sbat only update |
| esm-infra/focal | not-affected | sbat only update |
| esm-infra/xenial | not-affected | sbat only update |
| focal | not-affected | sbat only update |
| jammy | not-affected | sbat only update |
| lunar | ignored | end of life, was needs-triage |
| mantic | not-affected | sbat only update |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | released | 15.8-0ubuntu1 |
| esm-infra-legacy/trusty | ignored | install media keys will never be revoked |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needed | |
| esm-infra/xenial | ignored | install media keys will never be revoked |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needed |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | released | 1.58 |
| esm-infra-legacy/trusty | ignored | install media keys will never be revoked |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needed | |
| esm-infra/xenial | ignored | install media keys will never be revoked |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needed |
Показывать по
EPSS
8.3 High
CVSS3
Связанные уязвимости
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
Redhat: CVE-2023-40547 Shim - RCE in HTTP boot support may lead to secure boot bypass
A remote code execution vulnerability was found in Shim. The Shim boot ...
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise.
EPSS
8.3 High
CVSS3