Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-4693

Published: 25/10/2023 Updated: 30/04/2024
CVSS v3 Base Score: 4.6 | Impact Score: 3.6 | Exploitability Score: 0.9
VMScore: 0
Subscribe to Grub2

Vulnerability Summary

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present malicious user to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu grub2

redhat enterprise linux 8.0

redhat enterprise linux 9.0

Vendor Advisories

Debian Security Advisories: DSA-5519-1 grub2 -- security update
Maxim Suhanov discovered multiple vulnerabilities in GURB2's code to handle NTFS filesystems, which may result in a Secure Boot bypass For the oldstable distribution (bullseye), these problems have been fixed in version 206-3~deb11u6 For the stable distribution (bookworm), these problems have been fixed in version 206-13+deb12u1 We recommend t ...
Amazon Linux 2: ALAS2-2023-2292
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption In some circumstances, the attack may also corrupt the UEFI firmware heap metadata As a result, arbitrary code execution and secure boot protecti ...
Red Hat:
Description<!---->An out-of-bounds read flaw was found on grub2's NTFS filesystem driver This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confi ...

References

CWE-125https://bugzilla.redhat.com/show_bug.cgi?id=2238343https://access.redhat.com/security/cve/CVE-2023-4693https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.htmlhttps://seclists.org/oss-sec/2023/q4/37https://security.gentoo.org/glsa/202311-14https://security.netapp.com/advisory/ntap-20231208-0002/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRJ5UZRXX2KLR4IKBJEQUNGOCXMMDLY/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/https://access.redhat.com/errata/RHSA-2024:2456https://www.debian.org/security/2023/dsa-5519https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook