vulnerability

Red Hat: CVE-2023-40550: shim: Out-of-bound read in verify_buffer_sbat() (Multiple Advisories)

Name: Red Hat: CVE-2023-40550: shim: Out-of-bound read in verify_buffer_sbat() (Multiple Advisories)
Creator: Red Hat
Published: 2024-01-29T00:00:00.000Z
Keywords: CVE, CWE-125, Red Hat, 2023, 40550, shim, redhat-upgrade-mokutil, redhat-upgrade-mokutil-debuginfo, redhat-upgrade-shim-ia32, redhat-upgrade-shim-unsigned-ia32, redhat-upgrade-shim-unsigned-x64, redhat-upgrade-shim-x64, Severity 5

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:N)

Published

Jan 29, 2024

Added

Apr 17, 2024

Modified

Mar 27, 2026

Description

An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.

Solutions

redhat-upgrade-mokutilredhat-upgrade-mokutil-debuginforedhat-upgrade-shim-ia32redhat-upgrade-shim-unsigned-ia32redhat-upgrade-shim-unsigned-x64redhat-upgrade-shim-x64

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report