Launchpad.net

CVE 2023-40551

A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.

Related bugs and status

CVE-2023-40551 (Candidate) is related to these bugs:

Bug #2036604: Synchronous Exception when booting VMs via qemu-efi-aarch64

		In	Importance	Status
2036604	Synchronous Exception when booting VMs via qemu-efi-aarch64	qemu (Ubuntu)	Undecided	Confirmed
2036604	Synchronous Exception when booting VMs via qemu-efi-aarch64	autopkgtest (Ubuntu)	Undecided	Confirmed
2036604	Synchronous Exception when booting VMs via qemu-efi-aarch64	cloud-images	Undecided	New
2036604	Synchronous Exception when booting VMs via qemu-efi-aarch64	edk2 (Ubuntu)	High	Fix Released
2036604	Synchronous Exception when booting VMs via qemu-efi-aarch64	edk2 (Debian)	Unknown	Fix Released
2036604	Synchronous Exception when booting VMs via qemu-efi-aarch64	shim (Ubuntu)	Undecided	Fix Released

Bug #2051151: Update to shim 15.8

		In	Importance	Status
2051151	Update to shim 15.8	shim (Ubuntu)	Undecided	Fix Released
2051151	Update to shim 15.8	shim-signed (Ubuntu)	Undecided	Fix Released
2051151	Update to shim 15.8	shim (Debian)	Unknown	Fix Released
2051151	Update to shim 15.8	shim (Ubuntu Mantic)	Undecided	Confirmed
2051151	Update to shim 15.8	shim-signed (Ubuntu Mantic)	Undecided	Confirmed
2051151	Update to shim 15.8	shim (Ubuntu Focal)	Undecided	Confirmed
2051151	Update to shim 15.8	shim-signed (Ubuntu Focal)	Undecided	Confirmed
2051151	Update to shim 15.8	shim (Ubuntu Noble)	Undecided	Fix Released
2051151	Update to shim 15.8	shim-signed (Ubuntu Noble)	Undecided	Fix Released
2051151	Update to shim 15.8	shim (Ubuntu Jammy)	Undecided	Confirmed
2051151	Update to shim 15.8	shim-signed (Ubuntu Jammy)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-40551

Related bugs and status

Related bugs

References