Secure Boot dbx Configuration Update 190 -> 220

sudo fwupdmgr update

finds on this hardware:

CVE-2023-28005

in a file of a parallel CentOS installation which is not complaining:

/boot/efi/EFI/centos/shimx64-centos.efi

How to fix or workaround? Appreciate.

That appears that it requires physical access to the device to be exploited. Is your device accessible to others where it might be accessed and the vulnerability exploited?

Note also that the listed fix is only for windows from what i was able to see.
CentOS is not fedora. They use a different shim file.

We need more info about the system and details of why it is of urgent concern.

On my F37 system the fwupdmgr command tells me I have the latest dbx already installed.

The first question seems why Fedora 37 interferes with CentOS looking at its shim in a multiboot environment.

Do any fwupdmgr commands exist showing the used shims?

I guess, the topic is not of urgent concern.

The dbx updates is for the entire machine and all of the installed multibooted operating systems. Thus, when installing it, it will consider all shims found in the ESP (aka efi) file system. By the way, the dbx updates comes from Microsoft and Fedora has no say in what it contains.

UEFI dbx seems to be not relevant to CentOS 9 Stream: “no available updates”.

Secure Boot ON or OFF should and does not have an impact.

linked to CentOS forum here

In a multi-boot environment, Fedora needs to be installed first and CentOS second to avoid the problem. I guess, they are good reasons for it.