CVE-2023-40546

Published: Jan 29, 2024

Modified: Nov 20, 2025

PUBLISHED

CVSS v3.1

6.2

MEDIUM

Description

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 7	unaffected `0:15.8-3.el7 - < *`
Red Hat	Red Hat Enterprise Linux 7	unaffected `0:15.8-1.el7 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:15.8-4.el8_9 - < *`
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	unaffected `0:15.8-2.el8_2 - < *`
Red Hat	Red Hat Enterprise Linux 8.2 Telecommunications Update Service	unaffected `0:15.8-2.el8_2 - < *`
Red Hat	Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	unaffected `0:15.8-2.el8_2 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	unaffected `0:15.8-2.el8_4 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	unaffected `0:15.8-2.el8_4 - < *`
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	unaffected `0:15.8-2.el8_4 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	unaffected `0:15.8-2.el8_6 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	unaffected `0:15.8-2.el8 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	unaffected `0:15.8-2.el8 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:15.8-4.el9_3 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	unaffected `0:15.8-3.el9 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	unaffected `0:15.8-2.el9 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	unaffected `0:15.8-2.el9 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	unaffected `0:15.8-3.el9_2 - < *`