CVE 2023-40549
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
Related bugs and status
CVE-2023-40549 (Candidate) is related to these bugs:
Bug #2036604: Synchronous Exception when booting VMs via qemu-efi-aarch64
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2036604 | Synchronous Exception when booting VMs via qemu-efi-aarch64 | qemu (Ubuntu) | Undecided | Confirmed | ||
| 2036604 | Synchronous Exception when booting VMs via qemu-efi-aarch64 | autopkgtest (Ubuntu) | Undecided | Confirmed | ||
| 2036604 | Synchronous Exception when booting VMs via qemu-efi-aarch64 | cloud-images | Undecided | New | ||
| 2036604 | Synchronous Exception when booting VMs via qemu-efi-aarch64 | edk2 (Ubuntu) | High | Fix Released | ||
| 2036604 | Synchronous Exception when booting VMs via qemu-efi-aarch64 | edk2 (Debian) | Unknown | Fix Released | ||
| 2036604 | Synchronous Exception when booting VMs via qemu-efi-aarch64 | shim (Ubuntu) | Undecided | Fix Released | ||
Bug #2051151: Update to shim 15.8
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2051151 | Update to shim 15.8 | shim (Ubuntu) | Undecided | Fix Released | ||
| 2051151 | Update to shim 15.8 | shim-signed (Ubuntu) | Undecided | Fix Released | ||
| 2051151 | Update to shim 15.8 | shim (Debian) | Unknown | Fix Released | ||
| 2051151 | Update to shim 15.8 | shim (Ubuntu Mantic) | Undecided | Confirmed | ||
| 2051151 | Update to shim 15.8 | shim-signed (Ubuntu Mantic) | Undecided | Confirmed | ||
| 2051151 | Update to shim 15.8 | shim (Ubuntu Focal) | Undecided | Confirmed | ||
| 2051151 | Update to shim 15.8 | shim-signed (Ubuntu Focal) | Undecided | Confirmed | ||
| 2051151 | Update to shim 15.8 | shim (Ubuntu Noble) | Undecided | Fix Released | ||
| 2051151 | Update to shim 15.8 | shim-signed (Ubuntu Noble) | Undecided | Fix Released | ||
| 2051151 | Update to shim 15.8 | shim (Ubuntu Jammy) | Undecided | Confirmed | ||
| 2051151 | Update to shim 15.8 | shim-signed (Ubuntu Jammy) | Undecided | Confirmed | ||
See the 
CVE page on Mitre.org
for more details.
