CVE-2023-40548 — A buffer overflow was found in Shim in the 32-bit system

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer

01What is this vulnerability?

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.

02Affected products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 7	0:15.8-3.el7
Red Hat	Red Hat Enterprise Linux 7	0:15.8-1.el7
Red Hat	Red Hat Enterprise Linux 8	0:15.8-4.el8_9
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	0:15.8-2.el8_2
Red Hat	Red Hat Enterprise Linux 8.2 Telecommunications Update Service	0:15.8-2.el8_2
Red Hat	Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	0:15.8-2.el8_2
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	0:15.8-2.el8_4
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	0:15.8-2.el8_4
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	0:15.8-2.el8_4
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	0:15.8-2.el8_6
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	0:15.8-2.el8
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	0:15.8-2.el8
Red Hat	Red Hat Enterprise Linux 9	0:15.8-4.el9_3
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	0:15.8-3.el9
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	0:15.8-2.el9
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	0:15.8-2.el9
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	0:15.8-3.el9_2

03Active exploitation status

Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.

04Recommended remediation

• Patch to a fixed version listed in the vendor advisory (see references below).
• Mitigate with WAF rules, network egress filters, or feature flags where the patch is not yet available.
• Hunt historical logs for exploitation indicators — see Detection signatures below.

05Technical details

For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.

06Detection signatures

Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:

Open in Sigma generator →

07Related CVEs

No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.

08Timeline

• Published: 2024-01-29T14:53:44.319Z
• Last modified: 2025-11-20T19:53:32.879Z

09References

• access.redhat.com — https://access.redhat.com/errata/RHSA-2024:1834
• access.redhat.com — https://access.redhat.com/errata/RHSA-2024:1835
• access.redhat.com — https://access.redhat.com/errata/RHSA-2024:1873
• access.redhat.com — https://access.redhat.com/errata/RHSA-2024:1876
• access.redhat.com — https://access.redhat.com/errata/RHSA-2024:1883
• access.redhat.com — https://access.redhat.com/errata/RHSA-2024:1902
• access.redhat.com — https://access.redhat.com/errata/RHSA-2024:1903
• access.redhat.com — https://access.redhat.com/errata/RHSA-2024:1959
• access.redhat.com — https://access.redhat.com/errata/RHSA-2024:2086
• access.redhat.com — https://access.redhat.com/security/cve/CVE-2023-40548
• bugzilla.redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=2241782