CVE-2023-5342

Aug. 15, 2025, 1:13 p.m.

4.1
Medium

Description

The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded.

Product(s) Impacted

Vendor Product Versions
*
  • *
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-324
Use of a Key Past its Expiration Date
The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a / / / / / / / / / /

References

https://access.redhat.com/security/cve/CVE-2023-5342
https://bodhi.fedoraproject.org/updates/FEDORA-2024-2aa28a4cfc
https://bugzilla.redhat.com/show_bug.cgi?id=2198977
https://bugzilla.redhat.com/show_bug.cgi?id=2388707

Tags

patrick@puiterwijk.org
CWE-324
2025-08-14
CVE-2023-5342

CVSS Score

4.1 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE

    • CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

    View Vector String

Timeline

Published: Aug. 14, 2025, 1:15 p.m.
Last Modified: Aug. 15, 2025, 1:13 p.m.

Status : Awaiting Analysis

CVE has been marked as "**REJECT**" in the CVE List. These CVEs are stored in the NVD, but do not show up in search results.

More info

Source

patrick@puiterwijk.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.