Vulnerability CVE-2023-4693: Information
Description
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
Severity: MEDIUM (4.6) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
grub | sisyphus | 2.06-alt17 | 2.12-alt3 | ALT-PU-2024-1457-3 | 337825 | Fixed |
grub | p10 | 2.06-alt17 | 2.06-alt17 | ALT-PU-2024-1607-2 | 339331 | Fixed |
grub | p11 | 2.12-alt3 | 2.12-alt3 | ALT-PU-2024-11222-2 | 354669 | Fixed |
shim | sisyphus | 15.7-alt4 | 15.8-alt2 | ALT-PU-2024-1455-2 | 337825 | Fixed |
shim | p10 | 15.7-alt4 | 15.8-alt1 | ALT-PU-2024-1609-2 | 339331 | Fixed |
shim | c10f1 | 15.8-alt1 | 15.8-alt1 | ALT-PU-2024-4050-2 | 342790 | Fixed |
shim | c9f2 | 15.8-alt1 | 15.8-alt1 | ALT-PU-2024-1869-3 | 339892 | Fixed |
shim | p11 | 15.7-alt4 | 15.8-alt2 | ALT-PU-2024-1455-2 | 337825 | Fixed |