CVE-2023-4692

Updated: 2024-01-03 20:23:50.505511

Description:

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

                  Severity  Score
CVSS Version 2.x            0
CVSS Version 3.x  HIGH      7.8

Status

OS name            Project name  Version  Score  Severity  Status        Errata                Last updated
AlmaLinux 9.2 ESU  grub2         2.06     7.8    HIGH      Released      CLSA-2024:1707226462  2024-02-06 10:11:53
CentOS 7 ELS       grub2         2.02     7.8    HIGH      Needs Triage                        2023-11-14 13:08:34
CentOS 8.4 ELS     grub2         2.02     7.8    HIGH      Released      CLSA-2023:1700161520  2023-11-16 16:12:47
CentOS 8.5 ELS     grub2         2.02     7.8    HIGH      Released      CLSA-2023:1700164193  2023-11-16 16:12:48