VYPR
Unrated severity · NVD Advisory · Published Jan 29, 2024 · Updated Nov 20, 2025

Shim: out-of-bounds read in verify_buffer_authenticode() with a malformed PE file

CVE-2023-40549

Description

An out-of-bounds read in Shim's PE loader allows a crafted binary to crash the boot loader, causing denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An out-of-bounds read flaw exists in Shim due to insufficient boundary verification when loading a PE binary [2]. The read occurs in verify_buffer_authenticode(), the routine that locates and parses the binary's Authenticode signature data, when a crafted PE file carries header values that describe data lying outside the bytes actually loaded. Upstream fixed it in shim 15.8; Red Hat shipped the fix in the Red Hat Enterprise Linux updates cited below [1][4]. The vulnerability is triggered during the parsing of a maliciously crafted PE file.
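The missing boundary check described above, illustrated with added example code that is not Shim's source (this page does not reproduce it): a minimal model of the PE security data directory and the WIN_CERTIFICATE entries it points at, with the extent an unchecked loader would read beside a hardened walker that validates every offset and length before touching memory, run over a constructed 64-byte image. The type and function names (data_directory_t, checked_cert_walk, build_sample, the case_* functions) and the sample layout are assumptions of this example. The wrapping-offset case goes beyond the advisory text to show why such a check must also be overflow-safe, not just present.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* IMAGE_DIRECTORY_ENTRY_SECURITY entry: VirtualAddress is a raw file offset. */
typedef struct { uint32_t VirtualAddress, Size; } data_directory_t;

/* WIN_CERTIFICATE header (8 bytes) in front of each Authenticode blob. */
typedef struct { uint32_t dwLength; uint16_t wRevision, wCertificateType; } win_certificate_t;

#define WIN_CERT_REVISION_2_0          0x0200
#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002
#define SAMPLE_SIZE                    64u   /* size of the constructed image (assumption) */

typedef enum { VERIFY_OK = 0, VERIFY_BAD_BOUNDS, VERIFY_BAD_CERT } verify_result_t;

/* Bug-class model: a bounds check done in 32-bit arithmetic. offset + size
 * wraps, so a huge VirtualAddress slips through and the read goes out of bounds. */
static bool naive_bounds_ok(const data_directory_t *dir, size_t file_size)
{
    return (uint32_t)(dir->VirtualAddress + dir->Size) <= file_size;
}

/* Exclusive end of what an unchecked loader would read, in 64-bit arithmetic
 * so the true extent is visible. Nothing is dereferenced here. */
static uint64_t unchecked_read_end(const data_directory_t *dir)
{
    return (uint64_t)dir->VirtualAddress + dir->Size;
}

/* Hardened walk: the table is checked against file_size, and each
 * certificate's dwLength against the table, before any byte is read. */
static verify_result_t checked_cert_walk(const uint8_t *buf, size_t file_size,
                                         const data_directory_t *dir, size_t *count)
{
    *count = 0;
    if (dir->Size == 0)
        return VERIFY_OK;                              /* no certificate table */
    /* Subtraction form: cannot overflow once VirtualAddress <= file_size. */
    if (dir->VirtualAddress > file_size || dir->Size > file_size - dir->VirtualAddress)
        return VERIFY_BAD_BOUNDS;
    size_t off = dir->VirtualAddress, end = off + dir->Size;
    while (off < end) {
        win_certificate_t hdr;
        if (end - off < sizeof hdr)
            return VERIFY_BAD_BOUNDS;                  /* header would not fit */
        memcpy(&hdr, buf + off, sizeof hdr);
        if (hdr.dwLength < sizeof hdr || hdr.dwLength > end - off)
            return VERIFY_BAD_BOUNDS;                  /* entry runs past the table */
        if (hdr.wRevision != WIN_CERT_REVISION_2_0 ||
            hdr.wCertificateType != WIN_CERT_TYPE_PKCS_SIGNED_DATA)
            return VERIFY_BAD_CERT;
        (*count)++;
        off += ((size_t)hdr.dwLength + 7) & ~(size_t)7; /* entries are 8-byte aligned */
    }
    return VERIFY_OK;
}

/* Constructed 64-byte image with one certificate header at file offset 32;
 * dir_size and cert_len are whatever the crafted headers claim. */
static void build_sample(uint8_t *buf, data_directory_t *dir,
                         uint32_t dir_size, uint32_t cert_len)
{
    win_certificate_t hdr = { cert_len, WIN_CERT_REVISION_2_0, WIN_CERT_TYPE_PKCS_SIGNED_DATA };
    memset(buf, 0, SAMPLE_SIZE);
    memcpy(buf + 32, &hdr, sizeof hdr);
    dir->VirtualAddress = 32;
    dir->Size = dir_size;
}

/* Well-formed: a 24-byte table holding one 24-byte certificate. Returns certs walked, or -1. */
int case_well_formed(void)
{
    uint8_t buf[SAMPLE_SIZE]; data_directory_t dir; size_t n;
    build_sample(buf, &dir, 24, 24);
    return checked_cert_walk(buf, SAMPLE_SIZE, &dir, &n) == VERIFY_OK ? (int)n : -1;
}

/* Directory Size larger than the file: unchecked read overruns, hardened walk refuses. */
int case_oversized_directory(void)
{
    uint8_t buf[SAMPLE_SIZE]; data_directory_t dir; size_t n;
    build_sample(buf, &dir, 0x10000, 24);
    return unchecked_read_end(&dir) > SAMPLE_SIZE &&
           checked_cert_walk(buf, SAMPLE_SIZE, &dir, &n) == VERIFY_BAD_BOUNDS;
}

/* Offset near 4 GiB: the 32-bit check wraps to 0x10 and passes, the hardened
 * check rejects. Returns 1 when both behave that way. */
int case_wrapping_offset(void)
{
    uint8_t buf[SAMPLE_SIZE] = { 0 }; data_directory_t dir = { 0xFFFFFFF0u, 0x20 }; size_t n;
    return naive_bounds_ok(&dir, SAMPLE_SIZE) &&
           checked_cert_walk(buf, SAMPLE_SIZE, &dir, &n) == VERIFY_BAD_BOUNDS;
}

/* Table fits the file, but the certificate's dwLength overshoots the table. */
int case_oversized_certificate(void)
{
    uint8_t buf[SAMPLE_SIZE]; data_directory_t dir; size_t n;
    build_sample(buf, &dir, 24, 4096);
    return checked_cert_walk(buf, SAMPLE_SIZE, &dir, &n) == VERIFY_BAD_BOUNDS;
}
```

Each case_* function returns 1 when the hardened walker behaves as intended (case_well_formed returns the certificate count, 1). The two layers of checking matter independently: the directory must lie inside the loaded buffer, and every entry inside the directory must lie inside the directory, because a single outer check still lets a crafted dwLength carry a read past the table.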

Exploitation

An attacker who can get a crafted PE binary in front of Shim (e.g., by replacing the second-stage boot loader on the EFI System Partition or supplying a malicious boot image) can trigger the out-of-bounds read. No pre-boot authentication is involved, but the attacker needs write access to the boot path; the crafted file does not need a valid signature, because the read happens while Shim is parsing the binary's signature data in order to verify it, so Secure Boot's signature check does not prevent the crash.

Impact

Successful exploitation causes Shim to read beyond the allocated buffer, leading to a crash and denial of service. The impact is limited to availability; no code execution or privilege escalation is indicated.

Mitigation

Red Hat has released updates for Shim as part of RHSA-2024:1903, RHSA-2024:1959, and RHSA-2024:2086 [1][3][4]. Users should apply the latest Shim package for their respective Red Hat Enterprise Linux versions. The update replaces the shim binary on the EFI System Partition, and the patched loader only runs after the next reboot, so verify the fix by confirming the installed package is the patched build and rebooting. No workaround is available; updating is the recommended mitigation.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 39

Patches: 0 (no patch commits indexed yet; the RHSA updates under Mitigation carry the fix)


References: 11
