Lucene search

GoogleOSV:CVE-2023-4949

HistoryNov 10, 2023 - 5:15 p.m.

CVE-2023-4949

2023-11-1017:15:07

Google

osv.dev

local access

xfs partition

memory corruption

grub-legacy

software

8.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.

CPENameOperatorVersion
grubeq0.97-80
grubeq0.97-78
grubeq0.97-79
grubeq0.97-77
grubeq0.97-81

Name	Operator	Version
grub	eq	0.97-80
grub	eq	0.97-78
grub	eq	0.97-79
grub	eq	0.97-77
grub	eq	0.97-81

References

xenbits.xenproject.org/xsa/advisory-443.html

8.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:CVE-2023-4949