Vulnerability CVE-2023-4692: Information
Description
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| grub | sisyphus | 2.06-alt17 | 2.12-alt16 | ALT-PU-2024-1457-3 | 337825 | Fixed |
| grub | sisyphus_riscv64 | 2.12-alt0.port.1 | 2.12-alt0.port.14 | ALT-PU-2024-17701-1 | - | Fixed |
| grub | sisyphus_loongarch64 | 2.12-alt0.port | 2.12-alt16.0.port | ALT-PU-2024-13317-1 | - | Fixed |
| grub | p10 | 2.06-alt17 | 2.12-alt11 | ALT-PU-2024-1607-2 | 339331 | Fixed |
| grub | c10f2 | 2.06-alt19 | 2.12-alt14 | ALT-PU-2024-8169-3 | 348180 | Fixed |
| grub | p11 | 2.12-alt3 | 2.12-alt14 | ALT-PU-2024-11222-2 | 354669 | Fixed |
| shim | sisyphus | 15.7-alt4 | 16.1-alt1 | ALT-PU-2024-1455-2 | 337825 | Fixed |
| shim | p10 | 15.7-alt4 | 15.8-alt1 | ALT-PU-2024-1609-2 | 339331 | Fixed |
| shim | c10f2 | 15.8-alt1 | 15.8-alt2 | ALT-PU-2024-4035-2 | 342769 | Fixed |
| shim | c9f2 | 15.8-alt1 | 15.8-alt1 | ALT-PU-2024-1869-3 | 339892 | Fixed |
| shim | p11 | 15.7-alt4 | 16.1-alt1 | ALT-PU-2024-1455-2 | 337825 | Fixed |