Remote Code Execution Vulnerability in Shim Boot Support
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 8.2 Advanced Update Support
- Red Hat Enterprise Linux 8.2 Telecommunications Update Service
- Vendor
- CVE Published:
- 25 January 2024
Badges
Summary
CVE-2023-40547 is a critical vulnerability that was found in Shim, a software component essential for secure boot functionality in various Linux distributions. This flaw allows for remote code execution and complete system compromise by crafting a specific malicious HTTP request. The vulnerability is only exploitable during the early boot phase and impacts Linux distributions like Ubuntu, Debian, and Oracle Linux. A patch has been released to address this issue, and it is essential for Linux users to update their systems promptly to secure their boot process.
Affected Version(s)
Red Hat Enterprise Linux 7 <= 0:15.8-3.el7
Red Hat Enterprise Linux 7 <= 0:15.8-1.el7
Red Hat Enterprise Linux 8 <= 0:15.8-4.el8_9
News Articles
The Windows Security Updates of August 2024 are now available - BitLocker Recovery issue fixed - gHacks Tech News
Here is an overview of the August 2024 security updates that Microsoft released for its Windows operating systems.
3 months ago
BNN Breaking CVE-2023-40547Critical Shim Vulnerability Affecting Linux Secure Boot: An In-depth Look
A serious vulnerability, CVE-2023-40547, discovered in Shim could lead to remote code execution. The bug affects Linux distributions supporting secure boot.
9 months ago
CVSS V3.1
Timeline
- 👾
Exploit exists.
Vulnerability started trending.
First article discovered by Penetration Testing
Vulnerability published.
Vulnerability Reserved.
Reported to Red Hat.