CVE-2023-40549

Published: 23 January 2024

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.

Notes

Author	Note
eslerm	UEFI Security Response Team states that dbx update is not needed secureboot-db should only ever be updated after shim secureboot-db is not updated on ESM releases as doing so would revoke install media keys Note that key revocation is required to protect against evil housekeeper attacks (such as BlackLotus)

Author

Note

eslerm

UEFI Security Response Team states that dbx update is not needed
secureboot-db should only ever be updated after shim
secureboot-db is not updated on ESM releases as doing so would
revoke install media keys Note that key revocation is required to
protect against evil housekeeper attacks (such as BlackLotus)

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
secureboot-db Launchpad, Ubuntu, Debian	bionic	Not vulnerable (sbat only update)
	focal	Not vulnerable (sbat only update)
	jammy	Not vulnerable (sbat only update)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Not vulnerable (sbat only update)
	noble	Not vulnerable (sbat only update)
	trusty	Not vulnerable (sbat only update)
	upstream	Not vulnerable (sbat only update)
	xenial	Not vulnerable (sbat only update)
shim Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needed
	jammy	Needed
	lunar	Ignored (end of life, was needs-triage)
	mantic	Needed
	noble	Released (15.8-0ubuntu1)
	trusty	Ignored (install media keys will never be revoked)
	upstream	Needs triage
	xenial	Ignored (install media keys will never be revoked)
	Patches: upstream: https://github.com/rhboot/shim/commit/afdc5039de0a4a3a40162a32daa070f94a883f09
shim-signed Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needed
	jammy	Needed
	lunar	Ignored (end of life, was needs-triage)
	mantic	Needed
	noble	Released (15.8)
	trusty	Ignored (install media keys will never be revoked)
	upstream	Needs triage
	xenial	Ignored (install media keys will never be revoked)

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Bugs

https://bugs.launchpad.net/ubuntu/+source/shim/+bug/2051151

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›