CVE-2023-40546 Information

Description

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable it tries to print an error message to the user; however the number of parameters used by the logging function doesn’t match the format string used by it leading to a crash under certain circumstances.

Reference

https://access.redhat.com/security/cve/CVE-2023-40546 https://bugzilla.redhat.com/show_bug.cgi?id=2241796