{"id":"RHSA-2024:1835","summary":"Red Hat Security Advisory: shim security update","modified":"2026-03-18T11:34:57.079269Z","published":"2024-10-01T13:44:01Z","upstream":["CVE-2023-40546","CVE-2023-40547","CVE-2023-40548","CVE-2023-40549","CVE-2023-40550","CVE-2023-40551"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1835"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2234589"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241782"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241796"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241797"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259915"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259918"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1835.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-40546"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-40546"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40546"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-40547"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-40547"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40547"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-40548"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-40548"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40548"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-40549"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-40549"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40549"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-40550"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-40550"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40550"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-40551"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-40551"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40551"}],"affected":[{"package":{"name":"shim-unsigned-aarch64","ecosystem":"Red Hat:rhel_eus:9.0::appstream","purl":"pkg:rpm/redhat/shim-unsigned-aarch64"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:15.8-2.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1835.json"}},{"package":{"name":"shim","ecosystem":"Red Hat:rhel_eus:9.0::baseos","purl":"pkg:rpm/redhat/shim"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:15.8-3.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1835.json"}},{"package":{"name":"shim-aa64","ecosystem":"Red Hat:rhel_eus:9.0::baseos","purl":"pkg:rpm/redhat/shim-aa64"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:15.8-3.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1835.json"}},{"package":{"name":"shim-x64","ecosystem":"Red Hat:rhel_eus:9.0::baseos","purl":"pkg:rpm/redhat/shim-x64"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:15.8-3.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1835.json"}},{"package":{"name":"shim-unsigned-x64","ecosystem":"Red Hat:rhel_eus:9.0::crb","purl":"pkg:rpm/redhat/shim-unsigned-x64"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:15.8-2.el9"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:1835.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}