Shim: out-of-bounds read printing error messages
Description
Shim bootloader crashes due to format string mismatch when creating an ESL variable fails, risking denial of service during boot.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Shim bootloader crashes due to format string mismatch when creating an ESL variable fails, risking denial of service during boot.
Vulnerability
An out-of-bounds read vulnerability exists in Shim, a first-stage UEFI boot loader. When an error occurs during the creation of a new ESL (EFI Signature List) variable, Shim attempts to print an error message using a logging function. However, the number of parameters passed does not match the format string, leading to a crash under certain circumstances. Affected versions include Shim prior to the updates provided in RHSA-2024:2086 [2][4].
Exploitation
An attacker would need the ability to trigger a failure while creating an ESL variable. This could be achieved by providing malformed input or influencing the UEFI environment, possibly through physical access or a compromised boot chain. No authentication is required, but the attacker must cause the specific error condition to exploit the crash [2].
Impact
Successful exploitation results in a crash of the Shim boot loader, causing a denial of service. The system may fail to boot or become unstable. The vulnerability is rated Important by Red Hat due to potential impact on system availability [4].
Mitigation
Red Hat has released updated shim packages via RHSA-2024:2086 and other errata. Users should update their shim installation to the fixed version provided. No workarounds are currently available [4].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
39cpe:/o:redhat:enterprise_linux:7::client+ 2 more
- cpe:/o:redhat:enterprise_linux:7::clientrange: 0:15.8-1.el7
- cpe:/o:redhat:enterprise_linux:8::baseosrange: 0:15.8-4.el8_9
- cpe:/o:redhat:enterprise_linux:9::baseosrange: 0:15.8-4.el9_3
- Red Hat/Red Hat Enterprise Linux 8.6 Extended Update Supportv5cpe:/o:redhat:rhel_eus:8.6::baseosRange: 0:15.8-2.el8_6
- Red Hat/Red Hat Enterprise Linux 8.8 Extended Update Supportv5cpe:/o:redhat:rhel_eus:8.8::baseosRange: 0:15.8-2.el8
- Red Hat/Red Hat Enterprise Linux 9.0 Extended Update Supportv5cpe:/o:redhat:rhel_eus:9.0::baseosRange: 0:15.8-2.el9
- Red Hat/Red Hat Enterprise Linux 9.2 Extended Update Supportv5cpe:/o:redhat:rhel_eus:9.2::baseosRange: 0:15.8-3.el9_2
cpe:/o:redhat:rhel_tus:8.2::baseos+ 1 more
- cpe:/o:redhat:rhel_tus:8.2::baseosrange: 0:15.8-2.el8_2
- cpe:/o:redhat:rhel_tus:8.4::baseosrange: 0:15.8-2.el8_4
- osv-coords29 versionspkg:rpm/almalinux/shim-aa64pkg:rpm/almalinux/shim-ia32pkg:rpm/almalinux/shim-x64pkg:rpm/opensuse/shim&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/shim&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/shim&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/suse/pcr-oracle&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/shim&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/shim&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/shim&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/shim&distro=SUSE%20Manager%20Server%204.3
< 15.8-4.el8_9.alma.1+ 28 more
- (no CPE)range: < 15.8-4.el8_9.alma.1
- (no CPE)range: < 15.8-4.el8_9.alma.1
- (no CPE)range: < 15.8-4.el8_9.alma.1
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 0.4.6-2.1
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150100.3.38.1
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-25.30.1
- (no CPE)range: < 15.8-150100.3.38.1
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-25.30.1
- (no CPE)range: < 15.8-150100.3.38.1
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-1.1
- (no CPE)range: < 15.8-150300.4.20.2
- (no CPE)range: < 15.8-150300.4.20.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- access.redhat.com/errata/RHSA-2024:1834mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1835mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1873mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1876mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1883mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1902mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1903mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1959mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:2086mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/security/cve/CVE-2023-40546mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.