Red Hat Shim
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Shim.
Recent Red Hat Shim Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2024:2086 | (RHSA-2024:2086) Important: shim security update | April 29, 2024 |
| RHSA-2024:1959 | (RHSA-2024:1959) Important: shim security update | April 23, 2024 |
| RHSA-2024:1903 | (RHSA-2024:1903) Important: shim bug fix update | April 18, 2024 |
| RHSA-2024:1902 | (RHSA-2024:1902) Important: shim security update | April 18, 2024 |
| RHSA-2024:1883 | (RHSA-2024:1883) Important: shim security update | April 18, 2024 |
| RHSA-2024:1876 | (RHSA-2024:1876) Important: shim bug fix update | April 18, 2024 |
| RHSA-2024:1873 | (RHSA-2024:1873) Important: shim security update | April 18, 2024 |
| RHSA-2024:1835 | (RHSA-2024:1835) Important: shim security update | April 16, 2024 |
| RHSA-2024:1834 | (RHSA-2024:1834) Important: shim security update | April 16, 2024 |
| RHSA-2022:5099 | (RHSA-2022:5099) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update | June 16, 2022 |
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Shim. Shim did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 6 | 6.45 |
| 2023 | 1 | 7.80 |
It may take a day or so for new Shim vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Shim Security Vulnerabilities
Out-of-Bounds Read in MZ Binary Format of Windows Shim
CVE-2023-40551
5.1 - Medium
- January 29, 2024
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
Out-of-bounds Read
Windows Shim ESL Variable Creation Format String Crash
CVE-2023-40546
6.2 - Medium
- January 29, 2024
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
NULL Pointer Dereference
Shim OOBR read leaks sensitive data during boot
CVE-2023-40550
5.5 - Medium
- January 29, 2024
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
Out-of-bounds Read
Windows Shim OOB Read via PE Binary Load
CVE-2023-40549
6.2 - Medium
- January 29, 2024
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
Out-of-bounds Read
Heap-Based Buffer Overflow in Windows Shim via PE User-Controlled Size
CVE-2023-40548
7.4 - High
- January 29, 2024
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
Memory Corruption
RCE in Shim Bootloader via OOB Write (CVE-2023-40547)
CVE-2023-40547
8.3 - High
- January 25, 2024
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
Memory Corruption
CVE-2022-28737: shim handle_image OOB write
CVE-2022-28737
7.8 - High
- July 20, 2023
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
Memory Corruption
Unspecified vulnerability in Shim might
CVE-2014-3677
- October 22, 2014
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
Shim allows remote attackers to cause a denial of service (out-of-bounds read)
CVE-2014-3675
- October 22, 2014
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
Heap-based buffer overflow in Shim
CVE-2014-3676
- October 22, 2014
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Shim or by Red Hat? Click the Watch button to subscribe.
