CVE-2023-40546: 
NixOS vulnerability analysis and mitigation

A vulnerability was discovered in the Shim bootloader (CVE-2023-40546) that affects the error handling mechanism when creating new ESL variables. The issue was first reported on October 2, 2023, and affects versions up to (excluding) 15.8. The vulnerability impacts various versions of Red Hat Enterprise Linux, Fedora, and Debian systems using the Shim bootloader (NVD, Red Hat).

The vulnerability is a NULL pointer dereference error that exists in the mirror_one_esl() function within mok.c. When Shim fails to create a new ESL variable, it attempts to log an error message, but the number of parameters used by the logging function doesn't match the format string, and one of the variables may be NULL. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) by NIST and 6.2 (Medium) by Red Hat, with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Bugzilla).

A successful exploitation of this vulnerability can lead to a crash of the Shim bootloader, resulting in a Denial-of-Service condition. This could prevent the system from booting properly when Secure Boot is enabled (Bugzilla).

The vulnerability has been fixed in Shim version 15.8. Users are strongly advised to upgrade to this version, especially on Secure Boot enabled systems, as older versions may eventually be blocked. For Red Hat Enterprise Linux users, it's crucial to note that the new Shim version revokes ALL PREVIOUS VERSIONS of GRUB2, requiring simultaneous updates of both Shim and GRUB2 to maintain system bootability (Debian, Red Hat).