CVE-2023-4692

2023-10-2518:17:41

Debian Security Bug Tracker

security-tracker.debian.org

grub2

ntfs

vulnerability

secure boot

bypass

uefi

firmware

heap

metadata

code execution

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

An out-of-bounds write flaw was found in grub2’s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub’s heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

OSVersionArchitecturePackageVersionFilename
Debian12allgrub2< 2.06-13+deb12u1grub2_2.06-13+deb12u1_all.deb
Debian11allgrub2< 2.06-3~deb11u6grub2_2.06-3~deb11u6_all.deb
Debian999allgrub2< 2.12~rc1-11grub2_2.12~rc1-11_all.deb
Debian13allgrub2< 2.12~rc1-11grub2_2.12~rc1-11_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	grub2	< 2.06-13+deb12u1	grub2_2.06-13+deb12u1_all.deb
Debian	11	all	grub2	< 2.06-3~deb11u6	grub2_2.06-3~deb11u6_all.deb
Debian	999	all	grub2	< 2.12~rc1-11	grub2_2.12~rc1-11_all.deb
Debian	13	all	grub2	< 2.12~rc1-11	grub2_2.12~rc1-11_all.deb