Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 6 of 6 results

CVE-2023-40551

Medium priority

Some fixes available 4 of 19

A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.

3 affected packages

secureboot-db, shim, shim-signed

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
secureboot-db Not affected Not affected Not affected Not affected Not affected
shim Fixed Vulnerable Vulnerable Needs evaluation Ignored
shim-signed Fixed Vulnerable Vulnerable Needs evaluation Ignored
Show less packages

CVE-2023-40550

Medium priority

Some fixes available 4 of 19

An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.

3 affected packages

secureboot-db, shim, shim-signed

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
secureboot-db Not affected Not affected Not affected Not affected Not affected
shim Fixed Vulnerable Vulnerable Needs evaluation Ignored
shim-signed Fixed Vulnerable Vulnerable Needs evaluation Ignored
Show less packages

CVE-2023-40549

Medium priority

Some fixes available 4 of 19

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim,...

3 affected packages

secureboot-db, shim, shim-signed

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
secureboot-db Not affected Not affected Not affected Not affected Not affected
shim Fixed Vulnerable Vulnerable Needs evaluation Ignored
shim-signed Fixed Vulnerable Vulnerable Needs evaluation Ignored
Show less packages

CVE-2023-40548

Medium priority

Some fixes available 4 of 19

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory...

3 affected packages

secureboot-db, shim, shim-signed

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
secureboot-db Not affected Not affected Not affected Not affected Not affected
shim Fixed Vulnerable Vulnerable Needs evaluation Ignored
shim-signed Fixed Vulnerable Vulnerable Needs evaluation Ignored
Show less packages

CVE-2023-40547

Medium priority

Some fixes available 4 of 19

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a...

3 affected packages

secureboot-db, shim, shim-signed

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
secureboot-db Not affected Not affected Not affected Not affected Not affected
shim Fixed Vulnerable Vulnerable Needs evaluation Ignored
shim-signed Fixed Vulnerable Vulnerable Needs evaluation Ignored
Show less packages

CVE-2023-40546

Medium priority

Some fixes available 4 of 19

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging...

3 affected packages

secureboot-db, shim, shim-signed

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
secureboot-db Not affected Not affected Not affected Not affected Not affected
shim Fixed Vulnerable Vulnerable Needs evaluation Ignored
shim-signed Fixed Vulnerable Vulnerable Needs evaluation Ignored
Show less packages