CVE-2023-40549: 
NixOS vulnerability analysis and mitigation

CVE-2023-40549 is an out-of-bounds read vulnerability discovered in the Shim bootloader. The vulnerability exists in the verify_buffer_authenticode() function in shim.c due to the lack of proper boundary verification during the load of a PE binary. This vulnerability was disclosed on January 29, 2024, affecting various versions of Shim up to (excluding) version 15.8 (NVD, Red Hat).

The vulnerability stems from an out-of-bounds read issue in the verify_buffer_authenticode() function in shim.c, where a pointer offset is added and accessed without proper bounds checking. The issue is triggered when processing malformed PE files and occurs before signature validation of the PE file. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) by NIST and 6.2 (Medium) by Red Hat (NVD).

When exploited, this vulnerability allows an attacker to load a crafted PE binary, which can trigger the issue and crash Shim, resulting in a denial of service condition. This is particularly concerning for systems using Secure Boot, as Shim is a critical component in the secure boot process (NVD).

The vulnerability has been fixed in Shim version 15.8. Red Hat has released security updates for various versions of their Enterprise Linux distributions. It's important to note that when updating Shim, GRUB2 must also be updated simultaneously or before Shim, as the new version revokes all previous versions of GRUB2. Failure to update GRUB2 could result in an unbootable system (Red Hat).