CVE-2023-5342: Shim: expired secure boot certificate
Published Aug 14, 2025
·Updated
The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded.
Affected Software
1 affected component
Fedora shim-x64
Event History
Aug 14, 2025
CVE Published
via NVD·01:15 PM
Data Sourced
via NVD·01:15 PM
DescriptionSeverityWeakness
Data Sourced
via Red Hat·09:04 PM
DescriptionSeverityAffected Software
Aug 15, 2025
CVE Published
via MITRE·12:06 PM
Data Sourced
via MITRE·12:06 PM
DescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2023-5342?
CVE-2023-5342 is considered a moderate severity vulnerability due to the potential for the loading of invalid signed boot components.
2
How do I fix CVE-2023-5342?
To fix CVE-2023-5342, update the shim package in Fedora to the latest version that has a valid Secure Boot CA certificate.
3
What are the consequences of CVE-2023-5342?
The consequences of CVE-2023-5342 include the risk of booting with outdated or incorrect signed components, leading to a compromised system.
4
Which software is affected by CVE-2023-5342?
CVE-2023-5342 specifically affects the Fedora shim-x64 package.
5
Is there a workaround for CVE-2023-5342?
There is no known effective workaround for CVE-2023-5342; updating the affected software is the recommended action.