Lucene search
PRIOn knowledge basePRION:CVE-2023-4692HistoryOct 25, 2023 - 6:17 p.m.
Heap overflow
2023-10-2518:17:00
PRIOn knowledge base
www.prio-n.com
11
grub2
ntfs
heap overflow
uefi firmware
vulnerability
secure boot
An out-of-bounds write flaw was found in grub2’s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub’s heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
| CPE | Name | Operator | Version |
|---|---|---|---|
| grub2 | lt | 2.12 | |
| enterprise_linux | eq | 8.0 | |
| enterprise_linux | eq | 9.0 |
References
access.redhat.com/security/cve/CVE-2023-4692
bugzilla.redhat.com/show_bug.cgi?id=2236613
dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/
lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
seclists.org/oss-sec/2023/q4/37
security.gentoo.org/glsa/202311-14
security.netapp.com/advisory/ntap-20231208-0002/
Related
ubuntucve
ubuntucve
CVE-2023-4692
2023-10-03 00:00:00
debiancve
debiancve
CVE-2023-4692
2023-10-25 18:17:41
cbl_mariner
cbl_mariner
CVE-2023-4692 affecting package grub2 for versions less than 2.06-13
2024-03-05 17:52:42
CVE-2023-4692 affecting package grub2 for versions less than 2.06-18
2024-04-19 22:15:55
veracode
veracode
Out-of-Bounds Write
2023-10-08 22:49:41
cve
cve
CVE-2023-4692
2023-10-25 18:17:41
cvelist
cvelist
nvd
nvd
CVE-2023-4692
2023-10-25 18:17:41
nessus
nessus
EulerOS 2.0 SP9 : grub2 (EulerOS-SA-2023-3301)
2024-01-16 00:00:00
EulerOS 2.0 SP11 : grub2 (EulerOS-SA-2023-3244)
2024-01-16 00:00:00
EulerOS Virtualization 2.9.1 : grub2 (EulerOS-SA-2024-1035)
2024-01-16 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4085-1)
2023-10-17 00:00:00
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1379)
2024-03-14 00:00:00
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1141)
2024-02-09 00:00:00
ubuntu
ubuntu
GRUB2 vulnerabilities
2023-10-04 00:00:00
debian
debian
[SECURITY] [DSA 5519-1] grub2 security update
2023-10-06 19:03:15
[SECURITY] [DLA 3605-1] grub2 security update
2023-10-05 21:45:55
redos
redos
ROS-20240405-01
2024-04-05 00:00:00
osv
osv
grub2 - security update
2023-10-06 00:00:00
grub2-signed, grub2-unsigned vulnerabilities
2023-10-04 01:31:42
grub2 - security update
2023-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: grub2-2.06-121.fc40
2024-04-23 01:15:56
[SECURITY] Fedora 39 Update: grub2-2.06-120.fc39
2024-04-29 01:55:42
[SECURITY] Fedora 38 Update: grub2-2.06-118.fc38
2024-05-03 01:36:58
redhatcve
redhatcve
CVE-2023-4692
2023-10-03 18:24:36
CVE-2023-4693
2023-10-03 18:24:46
amazon
amazon
Important: grub2
2023-10-12 15:08:00
redhat
redhat
(RHSA-2024:2456) Moderate: grub2 security update
2024-04-30 06:15:45
(RHSA-2024:3184) Moderate: grub2 security update
2024-05-22 06:35:52
almalinux
almalinux
Moderate: grub2 security update
2024-04-30 00:00:00
Moderate: grub2 security update
2024-05-22 00:00:00
rocky
rocky
grub2 security update
2024-06-14 13:59:16
oraclelinux
oraclelinux
grub2 security update
2024-05-24 00:00:00
grub2 security update
2024-05-03 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0505
2023-11-04 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0130
2023-10-30 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0681
2023-11-04 00:00:00
mageia
mageia
Updated grub2 packages fix security vulnerabilities
2024-03-28 06:52:55
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00