Vulnerability CVE-2023-4692: Information
Description
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to corruption of grub's heap metadata. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and Secure Boot protection bypass may be achieved.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
grub | sisyphus | 2.06-alt17 | 2.12-alt3 | ALT-PU-2024-1457-3 | 337825 | Fixed |
grub | p10 | 2.06-alt17 | 2.06-alt17 | ALT-PU-2024-1607-2 | 339331 | Fixed |
grub | p11 | 2.12-alt3 | 2.12-alt3 | ALT-PU-2024-11222-2 | 354669 | Fixed |
shim | sisyphus | 15.7-alt4 | 15.8-alt2 | ALT-PU-2024-1455-2 | 337825 | Fixed |
shim | p10 | 15.7-alt4 | 15.8-alt1 | ALT-PU-2024-1609-2 | 339331 | Fixed |
shim | c10f1 | 15.8-alt1 | 15.8-alt1 | ALT-PU-2024-4050-2 | 342790 | Fixed |
shim | c9f2 | 15.8-alt1 | 15.8-alt1 | ALT-PU-2024-1869-3 | 339892 | Fixed |
shim | p11 | 15.7-alt4 | 15.8-alt2 | ALT-PU-2024-1455-2 | 337825 | Fixed |