An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
References
Configurations
History
03 May 2024, 03:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Apr 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Apr 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Mar 2024, 19:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* | |
References | () https://security.gentoo.org/glsa/202311-14 - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20231208-0002/ - Third Party Advisory |
08 Dec 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Nov 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-25 18:17
Updated : 2024-05-03 03:16
NVD link : CVE-2023-4692
Mitre link : CVE-2023-4692
CVE.ORG link : CVE-2023-4692
JSON object : View
Products Affected
gnu
- grub2
redhat
- enterprise_linux