7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.6%
It was discovered that a specially crafted file system image could cause a
heap-based out-of-bounds write. A local attacker could potentially use this
to perform arbitrary code execution bypass and bypass secure boot
protections. (CVE-2023-4692)
It was discovered that a specially crafted file system image could cause an
out-of-bounds read. A physically-present attacker could possibly use this
to leak sensitive information to the GRUB pager. (CVE-2023-4693)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 23.04 | noarch | grub-efi-amd64 | < 2.06-2ubuntu17.2 | UNKNOWN |
Ubuntu | 23.04 | noarch | grub-efi-amd64-bin | < 2.06-2ubuntu17.2 | UNKNOWN |
Ubuntu | 23.04 | noarch | grub-efi-amd64-dbg | < 2.06-2ubuntu17.2 | UNKNOWN |
Ubuntu | 23.04 | noarch | grub-efi-arm64 | < 2.06-2ubuntu17.2 | UNKNOWN |
Ubuntu | 23.04 | noarch | grub-efi-arm64-bin | < 2.06-2ubuntu17.2 | UNKNOWN |
Ubuntu | 23.04 | noarch | grub-efi-arm64-dbg | < 2.06-2ubuntu17.2 | UNKNOWN |
Ubuntu | 23.04 | noarch | grub-efi-amd64-signed | < 1.193.2+2.06-2ubuntu17.2 | UNKNOWN |
Ubuntu | 23.04 | noarch | grub-efi-arm64-signed | < 1.193.2+2.06-2ubuntu17.2 | UNKNOWN |
Ubuntu | 22.04 | noarch | grub-efi-amd64 | < 2.06-2ubuntu14.4 | UNKNOWN |
Ubuntu | 22.04 | noarch | grub-efi-amd64-bin | < 2.06-2ubuntu14.4 | UNKNOWN |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.6%