Security update for pcr-oracle, shim SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20136-1 Final 1 1 2025-03-07T15:31:20Z current 2025-03-07T15:31:20Z 2025-03-07T15:31:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for pcr-oracle, shim This update for pcr-oracle, shim fixes the following issues: pcr-oracle: - predict SbatLevelRT for the next boot (bsc#1230316) shim was updated to version 15.8: - Update shim-install to use the 'removable' way for encrypted SL-Micro images (bsc#1230316) * Always use the removable way for SL-Micro * Limit the removable option to encrypted SL-Micro Security issues fixed: - mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) - avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) - Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) - Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) - pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) - pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-225 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520136-1/ Link for SUSE-SU-2025:20136-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021195.html E-Mail link for SUSE-SU-2025:20136-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1215098 SUSE Bug 1215098 https://bugzilla.suse.com/1215099 SUSE Bug 1215099 https://bugzilla.suse.com/1215100 SUSE Bug 1215100 https://bugzilla.suse.com/1215101 SUSE Bug 1215101 https://bugzilla.suse.com/1215102 SUSE Bug 1215102 https://bugzilla.suse.com/1215103 SUSE Bug 1215103 https://bugzilla.suse.com/1230316 SUSE Bug 1230316 https://www.suse.com/security/cve/CVE-2023-40546/ SUSE CVE CVE-2023-40546 page https://www.suse.com/security/cve/CVE-2023-40547/ SUSE CVE CVE-2023-40547 page https://www.suse.com/security/cve/CVE-2023-40548/ SUSE CVE CVE-2023-40548 page https://www.suse.com/security/cve/CVE-2023-40549/ SUSE CVE CVE-2023-40549 page https://www.suse.com/security/cve/CVE-2023-40550/ SUSE CVE CVE-2023-40550 page https://www.suse.com/security/cve/CVE-2023-40551/ SUSE CVE CVE-2023-40551 page SUSE Linux Micro 6.0 pcr-oracle-0.4.6-2.1 shim-15.8-1.1 pcr-oracle-0.4.6-2.1 as a component of SUSE Linux Micro 6.0 shim-15.8-1.1 as a component of SUSE Linux Micro 6.0 A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances. CVE-2023-40546 SUSE Linux Micro 6.0:pcr-oracle-0.4.6-2.1 SUSE Linux Micro 6.0:shim-15.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520136-1/ https://www.suse.com/security/cve/CVE-2023-40546.html CVE-2023-40546 https://bugzilla.suse.com/1215099 SUSE Bug 1215099 A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully. CVE-2023-40547 SUSE Linux Micro 6.0:pcr-oracle-0.4.6-2.1 SUSE Linux Micro 6.0:shim-15.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520136-1/ https://www.suse.com/security/cve/CVE-2023-40547.html CVE-2023-40547 https://bugzilla.suse.com/1215098 SUSE Bug 1215098 A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase. CVE-2023-40548 SUSE Linux Micro 6.0:pcr-oracle-0.4.6-2.1 SUSE Linux Micro 6.0:shim-15.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520136-1/ https://www.suse.com/security/cve/CVE-2023-40548.html CVE-2023-40548 https://bugzilla.suse.com/1215100 SUSE Bug 1215100 An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service. CVE-2023-40549 SUSE Linux Micro 6.0:pcr-oracle-0.4.6-2.1 SUSE Linux Micro 6.0:shim-15.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520136-1/ https://www.suse.com/security/cve/CVE-2023-40549.html CVE-2023-40549 https://bugzilla.suse.com/1215101 SUSE Bug 1215101 An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase. CVE-2023-40550 SUSE Linux Micro 6.0:pcr-oracle-0.4.6-2.1 SUSE Linux Micro 6.0:shim-15.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520136-1/ https://www.suse.com/security/cve/CVE-2023-40550.html CVE-2023-40550 https://bugzilla.suse.com/1215102 SUSE Bug 1215102 A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase. CVE-2023-40551 SUSE Linux Micro 6.0:pcr-oracle-0.4.6-2.1 SUSE Linux Micro 6.0:shim-15.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520136-1/ https://www.suse.com/security/cve/CVE-2023-40551.html CVE-2023-40551 https://bugzilla.suse.com/1215103 SUSE Bug 1215103