suse-su-2024:1368-1
Vulnerability from csaf_suse
Published
2024-04-22 09:06
Modified
2024-04-22 09:06
Summary
Security update for shim
Notes
Title of the patch
Security update for shim
Description of the patch
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe after
discussed with grub2 experts in mail. It's useful for further development
and testing. (bsc#1205588)
Patchnames
SUSE-2024-1368,SUSE-SLE-Micro-5.3-2024-1368,SUSE-SLE-Micro-5.4-2024-1368,SUSE-SLE-Micro-5.5-2024-1368,SUSE-SLE-Module-Basesystem-15-SP5-2024-1368,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1368,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1368,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1368,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1368,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1368,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1368,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1368,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1368,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1368,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1368,SUSE-SUSE-MicroOS-5.1-2024-1368,SUSE-SUSE-MicroOS-5.2-2024-1368,SUSE-Storage-7.1-2024-1368,openSUSE-Leap-Micro-5.3-2024-1368,openSUSE-Leap-Micro-5.4-2024-1368,openSUSE-SLE-15.5-2024-1368
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for shim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for shim fixes the following issues:\n\n- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)\n- Limit the requirement of fde-tpm-helper-macros to the distro with\n suse_version 1600 and above (bsc#1219460)\n\nUpdate to version 15.8:\n\nSecurity issues fixed:\n\n- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)\n- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)\n- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)\n- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)\n- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)\n- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)\n\n \nThe NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.\n\n- Generate dbx during build so we don\u0027t include binary files in sources\n- Don\u0027t require grub so shim can still be used with systemd-boot\n- Update shim-install to fix boot failure of ext4 root file system\n on RAID10 (bsc#1205855)\n- Adopt the macros from fde-tpm-helper-macros to update the\n signature in the sealed key after a bootloader upgrade\n\n- Update shim-install to amend full disk encryption support\n - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector\n - Use the long name to specify the grub2 key protector\n - cryptodisk: support TPM authorized policies\n - Do not use tpm_record_pcrs unless the command is in command.lst\n\n- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to\n enable the NX compatibility flag when using post-process-pe after\n discussed with grub2 experts in mail. It\u0027s useful for further development\n and testing. (bsc#1205588)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1368,SUSE-SLE-Micro-5.3-2024-1368,SUSE-SLE-Micro-5.4-2024-1368,SUSE-SLE-Micro-5.5-2024-1368,SUSE-SLE-Module-Basesystem-15-SP5-2024-1368,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1368,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1368,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1368,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1368,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1368,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1368,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1368,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1368,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1368,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1368,SUSE-SUSE-MicroOS-5.1-2024-1368,SUSE-SUSE-MicroOS-5.2-2024-1368,SUSE-Storage-7.1-2024-1368,openSUSE-Leap-Micro-5.3-2024-1368,openSUSE-Leap-Micro-5.4-2024-1368,openSUSE-SLE-15.5-2024-1368",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1368-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1368-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241368-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1368-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035046.html"
},
{
"category": "self",
"summary": "SUSE Bug 1198101",
"url": "https://bugzilla.suse.com/1198101"
},
{
"category": "self",
"summary": "SUSE Bug 1205588",
"url": "https://bugzilla.suse.com/1205588"
},
{
"category": "self",
"summary": "SUSE Bug 1205855",
"url": "https://bugzilla.suse.com/1205855"
},
{
"category": "self",
"summary": "SUSE Bug 1210382",
"url": "https://bugzilla.suse.com/1210382"
},
{
"category": "self",
"summary": "SUSE Bug 1213945",
"url": "https://bugzilla.suse.com/1213945"
},
{
"category": "self",
"summary": "SUSE Bug 1215098",
"url": "https://bugzilla.suse.com/1215098"
},
{
"category": "self",
"summary": "SUSE Bug 1215099",
"url": "https://bugzilla.suse.com/1215099"
},
{
"category": "self",
"summary": "SUSE Bug 1215100",
"url": "https://bugzilla.suse.com/1215100"
},
{
"category": "self",
"summary": "SUSE Bug 1215101",
"url": "https://bugzilla.suse.com/1215101"
},
{
"category": "self",
"summary": "SUSE Bug 1215102",
"url": "https://bugzilla.suse.com/1215102"
},
{
"category": "self",
"summary": "SUSE Bug 1215103",
"url": "https://bugzilla.suse.com/1215103"
},
{
"category": "self",
"summary": "SUSE Bug 1219460",
"url": "https://bugzilla.suse.com/1219460"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28737 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40546 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40547 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40548 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40549 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40549/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40550 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40551 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40551/"
}
],
"title": "Security update for shim",
"tracking": {
"current_release_date": "2024-04-22T09:06:33Z",
"generator": {
"date": "2024-04-22T09:06:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1368-1",
"initial_release_date": "2024-04-22T09:06:33Z",
"revision_history": [
{
"date": "2024-04-22T09:06:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "efitools-1.9.2-150300.7.3.1.aarch64",
"product": {
"name": "efitools-1.9.2-150300.7.3.1.aarch64",
"product_id": "efitools-1.9.2-150300.7.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "shim-15.8-150300.4.20.2.aarch64",
"product": {
"name": "shim-15.8-150300.4.20.2.aarch64",
"product_id": "shim-15.8-150300.4.20.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "efitools-1.9.2-150300.7.3.1.i586",
"product": {
"name": "efitools-1.9.2-150300.7.3.1.i586",
"product_id": "efitools-1.9.2-150300.7.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "efitools-1.9.2-150300.7.3.1.x86_64",
"product": {
"name": "efitools-1.9.2-150300.7.3.1.x86_64",
"product_id": "efitools-1.9.2-150300.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "shim-15.8-150300.4.20.2.x86_64",
"product": {
"name": "shim-15.8-150300.4.20.2.x86_64",
"product_id": "shim-15.8-150300.4.20.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.4",
"product": {
"name": "openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64"
},
"product_reference": "shim-15.8-150300.4.20.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "shim-15.8-150300.4.20.2.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64"
},
"product_reference": "shim-15.8-150300.4.20.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-28737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28737"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28737",
"url": "https://www.suse.com/security/cve/CVE-2022-28737"
},
{
"category": "external",
"summary": "SUSE Bug 1198458 for CVE-2022-28737",
"url": "https://bugzilla.suse.com/1198458"
},
{
"category": "external",
"summary": "SUSE Bug 1205065 for CVE-2022-28737",
"url": "https://bugzilla.suse.com/1205065"
},
{
"category": "external",
"summary": "SUSE Bug 1205066 for CVE-2022-28737",
"url": "https://bugzilla.suse.com/1205066"
},
{
"category": "external",
"summary": "SUSE Bug 1205831 for CVE-2022-28737",
"url": "https://bugzilla.suse.com/1205831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T09:06:33Z",
"details": "important"
}
],
"title": "CVE-2022-28737"
},
{
"cve": "CVE-2023-40546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40546"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn\u0027t match the format string used by it, leading to a crash under certain circumstances.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40546",
"url": "https://www.suse.com/security/cve/CVE-2023-40546"
},
{
"category": "external",
"summary": "SUSE Bug 1215099 for CVE-2023-40546",
"url": "https://bugzilla.suse.com/1215099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T09:06:33Z",
"details": "moderate"
}
],
"title": "CVE-2023-40546"
},
{
"cve": "CVE-2023-40547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40547"
}
],
"notes": [
{
"category": "general",
"text": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40547",
"url": "https://www.suse.com/security/cve/CVE-2023-40547"
},
{
"category": "external",
"summary": "SUSE Bug 1215098 for CVE-2023-40547",
"url": "https://bugzilla.suse.com/1215098"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T09:06:33Z",
"details": "important"
}
],
"title": "CVE-2023-40547"
},
{
"cve": "CVE-2023-40548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40548"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40548",
"url": "https://www.suse.com/security/cve/CVE-2023-40548"
},
{
"category": "external",
"summary": "SUSE Bug 1215100 for CVE-2023-40548",
"url": "https://bugzilla.suse.com/1215100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T09:06:33Z",
"details": "moderate"
}
],
"title": "CVE-2023-40548"
},
{
"cve": "CVE-2023-40549",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40549"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40549",
"url": "https://www.suse.com/security/cve/CVE-2023-40549"
},
{
"category": "external",
"summary": "SUSE Bug 1215101 for CVE-2023-40549",
"url": "https://bugzilla.suse.com/1215101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T09:06:33Z",
"details": "moderate"
}
],
"title": "CVE-2023-40549"
},
{
"cve": "CVE-2023-40550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40550"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system\u0027s boot phase.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40550",
"url": "https://www.suse.com/security/cve/CVE-2023-40550"
},
{
"category": "external",
"summary": "SUSE Bug 1215102 for CVE-2023-40550",
"url": "https://bugzilla.suse.com/1215102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T09:06:33Z",
"details": "moderate"
}
],
"title": "CVE-2023-40550"
},
{
"cve": "CVE-2023-40551",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40551"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system\u0027s boot phase.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40551",
"url": "https://www.suse.com/security/cve/CVE-2023-40551"
},
{
"category": "external",
"summary": "SUSE Bug 1215103 for CVE-2023-40551",
"url": "https://bugzilla.suse.com/1215103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Enterprise Storage 7.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Proxy 4.3:shim-15.8-150300.4.20.2.x86_64",
"SUSE Manager Server 4.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap 15.5:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.3:shim-15.8-150300.4.20.2.x86_64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.aarch64",
"openSUSE Leap Micro 5.4:shim-15.8-150300.4.20.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T09:06:33Z",
"details": "moderate"
}
],
"title": "CVE-2023-40551"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…