CVE-2023-40547: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2023-40547) was discovered in Shim, a first-stage UEFI boot loader. The vulnerability was identified in the Shim boot support where it incorrectly trusts attacker-controlled values when parsing an HTTP response. This vulnerability was discovered by the MSRC Vulnerability & Mitigations (V&M) team and was disclosed on January 25, 2024 (NVD, Red Hat Bugzilla).

The vulnerability exists in the http boot support (httpboot.c) component of Shim. When parsing HTTP responses, the system trusts attacker-controlled values, which can lead to a completely controlled out-of-bounds write primitive. The vulnerability has been assigned a CVSS v3.1 base score of 8.3 (HIGH) with the vector string CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability allows an attacker to craft a specific malicious HTTP request that can lead to complete system compromise. The impact is particularly severe as it could potentially bypass Secure Boot protections (NVD).

The vulnerability has been fixed in Shim version 15.8. Users are strongly advised to upgrade to this version. It's important to note that the new shim revokes ALL PREVIOUS VERSIONS of GRUB2, therefore GRUB2 must be updated to the latest version simultaneously with this shim update to maintain system bootability (Red Hat Bugzilla).