CVE-2023-40546
A flaw was found in Shim in the handling of an error that occurs while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters passed to the logging function doesn't match its format string, leading to a crash under certain circumstances.
Related bugs and status
CVE-2023-40546 (Candidate) is related to these bugs:
Bug #2036604: Synchronous Exception when booting VMs via qemu-efi-aarch64
Bug | Summary | In | Importance | Status
---|---|---|---|---
2036604 | Synchronous Exception when booting VMs via qemu-efi-aarch64 | qemu (Ubuntu) | Undecided | Confirmed
2036604 | Synchronous Exception when booting VMs via qemu-efi-aarch64 | autopkgtest (Ubuntu) | Undecided | Confirmed
2036604 | Synchronous Exception when booting VMs via qemu-efi-aarch64 | cloud-images | Undecided | New
2036604 | Synchronous Exception when booting VMs via qemu-efi-aarch64 | edk2 (Ubuntu) | High | Fix Released
2036604 | Synchronous Exception when booting VMs via qemu-efi-aarch64 | edk2 (Debian) | Unknown | Fix Released
2036604 | Synchronous Exception when booting VMs via qemu-efi-aarch64 | shim (Ubuntu) | Undecided | Fix Released
Bug #2051151: Update to shim 15.8
Bug | Summary | In | Importance | Status
---|---|---|---|---
2051151 | Update to shim 15.8 | shim (Ubuntu) | Undecided | Fix Released
2051151 | Update to shim 15.8 | shim-signed (Ubuntu) | Undecided | Fix Released
2051151 | Update to shim 15.8 | shim (Debian) | Unknown | Fix Released
2051151 | Update to shim 15.8 | shim (Ubuntu Mantic) | Undecided | Won't Fix
2051151 | Update to shim 15.8 | shim-signed (Ubuntu Mantic) | Undecided | Won't Fix
2051151 | Update to shim 15.8 | shim (Ubuntu Focal) | Undecided | Confirmed
2051151 | Update to shim 15.8 | shim-signed (Ubuntu Focal) | Undecided | Confirmed
2051151 | Update to shim 15.8 | shim (Ubuntu Noble) | Undecided | Fix Released
2051151 | Update to shim 15.8 | shim-signed (Ubuntu Noble) | Undecided | Fix Released
2051151 | Update to shim 15.8 | shim (Ubuntu Jammy) | Undecided | Confirmed
2051151 | Update to shim 15.8 | shim-signed (Ubuntu Jammy) | Undecided | Confirmed
See the CVE page on Mitre.org for more details.