{"id":"AZL-34093","summary":"CVE-2023-40548 affecting package shim-unsigned-x64 for versions less than 15.8-1","details":"A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.","modified":"2026-04-21T04:27:02.328009Z","published":"2024-01-29T15:15:08Z","upstream":["CVE-2023-40548"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40548"}],"affected":[{"package":{"name":"shim-unsigned-x64","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/shim-unsigned-x64"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15.8-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34093.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}