CVE-2023-4692

2023-10-2518:17:41

CWE-787

CWE-122

[email protected]

web.nvd.nist.gov

412

cve-2023-4692

out-of-bounds write

grub2

ntfs filesystem

arbitrary code execution

secure boot protection bypass

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

5.1%

JSON

An out-of-bounds write flaw was found in grub2’s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub’s heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

Affected configurations

NVD

Node

gnugrub2Range<2.12

Node

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

CNA Affected

[
  {
    "versions": [
      {
        "status": "unaffected",
        "version": "2.12",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "packageName": "grub",
    "collectionURL": "https://git.savannah.gnu.org/git/grub.git/"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "grub2",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1:2.02-156.el8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "grub2",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1:2.06-77.el9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "grub2",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  }
]