Shim
by Red Hat
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5342 | | Med | 0.27 | 4.1 | 0.00 | | Aug 14, 2025 | The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded. |
| CVE-2023-40546 | | | 0.00 | — | 0.00 | | Jan 29, 2024 | A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it,… |
| CVE-2023-40550 | | | 0.00 | — | 0.00 | | Jan 29, 2024 | An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase. |
| CVE-2014-3677 | | | 0.00 | — | 0.03 | | Oct 22, 2014 | Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption. |
| CVE-2014-3676 | | | 0.00 | — | 0.05 | | Oct 22, 2014 | Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option." |
| CVE-2014-3675 | | | 0.00 | — | 0.03 | | Oct 22, 2014 | Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. |