CVE-2023-4693

2023-10-2518:17:41

Debian Security Bug Tracker

security-tracker.debian.org

cve-2023-4693

out-of-bounds read

grub2

ntfs

memory access

physically present attacker

sensitive data

efi variable

confidentiality risk

unix

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

32.6%

JSON

An out-of-bounds read flaw was found on grub2’s NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.

OSVersionArchitecturePackageVersionFilename
Debian12allgrub2< 2.06-13+deb12u1grub2_2.06-13+deb12u1_all.deb
Debian11allgrub2< 2.06-3~deb11u6grub2_2.06-3~deb11u6_all.deb
Debian999allgrub2< 2.12~rc1-11grub2_2.12~rc1-11_all.deb
Debian13allgrub2< 2.12~rc1-11grub2_2.12~rc1-11_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	grub2	< 2.06-13+deb12u1	grub2_2.06-13+deb12u1_all.deb
Debian	11	all	grub2	< 2.06-3~deb11u6	grub2_2.06-3~deb11u6_all.deb
Debian	999	all	grub2	< 2.12~rc1-11	grub2_2.12~rc1-11_all.deb
Debian	13	all	grub2	< 2.12~rc1-11	grub2_2.12~rc1-11_all.deb