Shim: out of bounds read when parsing MZ binaries
Description
An out-of-bounds read in Shim's MZ binary parser can crash the boot process or leak sensitive data during early system startup.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An out-of-bounds read flaw exists in the MZ binary format parser within Shim, a first-stage UEFI boot loader. The issue occurs when Shim processes a malformed MZ (DOS) header during Secure Boot chain-loading, reading beyond the intended buffer boundaries. The vulnerability affects Shim versions shipped in various Red Hat Enterprise Linux releases, including 8.6 Extended Update Support, prior to the fixes included in RHSA-2024:2086 [4].
Exploitation
An attacker with the ability to supply or modify a crafted MZ binary during the boot phase (e.g., by placing a malicious EFI executable on the boot medium or through a network boot attack) can trigger the out-of-bounds read. No authentication is required, but the attacker must have a mechanism to influence the data processed by Shim before the system boots the final operating system [2][4].
Impact
Successful exploitation causes a crash (denial of service) or may disclose sensitive memory contents, such as cryptographic material or kernel addresses, that could assist in further attacks against the Secure Boot trust chain. The vulnerability does not directly enable arbitrary code execution, but the information leak may reduce the security guarantees of Secure Boot [2][4].
Mitigation
Red Hat has released updated shim packages in RHSA-2024:2086 for Red Hat Enterprise Linux 8.6 Extended Update Support, with additional updates for other affected variants in RHSA-2024:1903 and RHSA-2024:1959 [1][3][4]. Users should apply the available updates to their systems. There is no known workaround for systems unable to update; for such cases, administrators should restrict physical and network access to the boot process.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
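Added example (written for this page; not Shim's parser and not code from the advisory): a bounds-checked reader for the two MZ header fields a loader needs to reach the PE header, showing the class of length check whose absence yields an out-of-bounds read of the kind described above. Field offsets follow the standard DOS header layout; the sample image is constructed, and the function names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bounds-checked locator for the PE header inside an MZ image. Added illustration
 * of the check class the advisory describes, not Shim's own parser. Only the two
 * DOS-header fields needed to reach the PE header are read. */
#define MZ_HEADER_SIZE  64u    /* size of the DOS (MZ) header */
#define MZ_E_LFANEW_OFF 0x3Cu  /* offset of the e_lfanew field */
#define PE_SIG_SIZE     4u     /* "PE\0\0" */

enum mz_status { MZ_OK = 0, MZ_TRUNCATED, MZ_BAD_MAGIC, MZ_LFANEW_OOB, MZ_BAD_PE_SIG };

/* Little-endian field readers; callers verify the offset before calling. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24); }

/* Every read is checked against len before it happens. e_lfanew is compared
 * with len - PE_SIG_SIZE instead of computing lfanew + PE_SIG_SIZE, so an
 * attacker-chosen value near UINT32_MAX cannot wrap the addition and slip past
 * the check; that wrap is the classic header-parser out-of-bounds read. */
enum mz_status mz_locate_pe(const uint8_t *buf, size_t len, uint32_t *pe_off)
{
    if (buf == NULL || len < MZ_HEADER_SIZE)
        return MZ_TRUNCATED;                 /* DOS header does not fit */
    if (rd16(buf) != 0x5A4D)                 /* "MZ" */
        return MZ_BAD_MAGIC;
    uint32_t lfanew = rd32(buf + MZ_E_LFANEW_OFF);
    if (lfanew > len - PE_SIG_SIZE)          /* len >= 64 here, no underflow */
        return MZ_LFANEW_OOB;
    if (memcmp(buf + lfanew, "PE\0\0", PE_SIG_SIZE) != 0)
        return MZ_BAD_PE_SIG;
    *pe_off = lfanew;
    return MZ_OK;
}

/* Constructed 72-byte sample image (not a real binary): "MZ", the given
 * e_lfanew, and a "PE\0\0" signature at offset 64. Returns bytes written. */
size_t make_sample(uint8_t *out, size_t cap, uint32_t lfanew)
{
    if (out == NULL || cap < 72)
        return 0;
    memset(out, 0, 72);
    out[0] = 'M'; out[1] = 'Z';
    for (unsigned i = 0; i < 4; i++)
        out[MZ_E_LFANEW_OFF + i] = (uint8_t)(lfanew >> (8 * i));
    memcpy(out + 64, "PE\0\0", PE_SIG_SIZE);
    return 72;
}
```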
Affected products
38 affected products
- Red Hat / Red Hat Enterprise Linux 9.0 Extended Update Support (cpe:/a:redhat:rhel_eus:9.0::appstream), range: 0:15.8-2.el9
- cpe:/o:redhat:enterprise_linux:7::server, range: 0:15.8-1.el7
- cpe:/o:redhat:enterprise_linux:8::baseos, range: 0:15.8-4.el8_9
- cpe:/o:redhat:enterprise_linux:9::baseos, range: 0:15.8-4.el9_3
- cpe:/o:redhat:rhel_e4s:8.4::baseos, range: 0:15.8-2.el8_4
- cpe:/o:redhat:rhel_tus:8.2::baseos, range: 0:15.8-2.el8_2
- Red Hat / Red Hat Enterprise Linux 8.6 Extended Update Support (cpe:/o:redhat:rhel_eus:8.6::baseos), range: 0:15.8-2.el8_6
- Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support (cpe:/o:redhat:rhel_eus:8.8::baseos), range: 0:15.8-2.el8
- Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support (cpe:/o:redhat:rhel_eus:9.2::baseos), range: 0:15.8-3.el9_2
OSV coordinates (29 versions, no CPE):
- pkg:rpm/almalinux/shim-aa64, range: < 15.8-4.el8_9.alma.1
- pkg:rpm/almalinux/shim-ia32, range: < 15.8-4.el8_9.alma.1
- pkg:rpm/almalinux/shim-x64, range: < 15.8-4.el8_9.alma.1
- pkg:rpm/opensuse/shim&distro=openSUSE%20Leap%2015.5, range: < 15.8-150300.4.20.2
- pkg:rpm/opensuse/shim&distro=openSUSE%20Leap%20Micro%205.3, range: < 15.8-150300.4.20.2
- pkg:rpm/opensuse/shim&distro=openSUSE%20Leap%20Micro%205.4, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/pcr-oracle&distro=SUSE%20Linux%20Micro%206.0, range: < 0.4.6-2.1
- pkg:rpm/suse/shim&distro=SUSE%20Enterprise%20Storage%207.1, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS, range: < 15.8-150100.3.38.1
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.4, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Micro%205.5, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5, range: < 15.8-25.30.1
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS, range: < 15.8-150100.3.38.1
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5, range: < 15.8-25.30.1
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2, range: < 15.8-150100.3.38.1
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Linux%20Micro%206.0, range: < 15.8-1.1
- pkg:rpm/suse/shim&distro=SUSE%20Manager%20Proxy%204.3, range: < 15.8-150300.4.20.2
- pkg:rpm/suse/shim&distro=SUSE%20Manager%20Server%204.3, range: < 15.8-150300.4.20.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11 references
- access.redhat.com/errata/RHSA-2024:1834 (vendor advisory; source: MITRE, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:1835 (vendor advisory; source: MITRE, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:1873 (vendor advisory; source: MITRE, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:1876 (vendor advisory; source: MITRE, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:1883 (vendor advisory; source: MITRE, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:1902 (vendor advisory; source: MITRE, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:1903 (vendor advisory; source: MITRE, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:1959 (vendor advisory; source: MITRE, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:2086 (vendor advisory; source: MITRE, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2023-40551 (vulnerability database entry; source: MITRE, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (issue tracker; source: MITRE, x_refsource_REDHAT)
News mentions
No linked articles in our index yet.