CVE-2023-4693
Summary
| CVE | CVE-2023-4693 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-25 18:17:00 UTC |
| Updated | 2024-03-08 19:40:00 UTC |
| Description | An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2023-4692, CVE-2023-4693: vulnerabilities in the GRUB boot manager – My DFIR Blog | MISC | dfir.ru | |
| security.netapp.com/advisory/ntap-20231208-0002 | | security.netapp.com | Third Party Advisory |
| security.gentoo.org/glsa/202311-14 | | security.gentoo.org | Third Party Advisory |
| 2238343 – (CVE-2023-4693) CVE-2023-4693 grub2: out-of-bounds read at fs/ntfs.c | MISC | bugzilla.redhat.com | |
| oss-sec: CVE-2023-4692, CVE-2023-4693: grub2: OOB write, read via specially crafted NTFS filesystem | MISC | seclists.org | |
| [SECURITY PATCH 0/6] GRUB2 NTFS driver vulnerabilities - 2023/10/03 | MISC | lists.gnu.org | |
| cve-details | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 199802 Ubuntu Security Notification for GRUB2 Vulnerabilities (USN-6410-1)
- 356438 Amazon Linux Security Advisory for grub2 : ALAS2-2023-2292
- 356613 Amazon Linux Security Advisory for grub2 : ALAS2023-2023-409
- 356635 Amazon Linux Security Advisory for grub2 : ALAS2023-2023-408
- 6000116 Debian Security Update for grub2 (DLA 3605-1)
- 6000174 Debian Security Update for grub2 (DSA 5519-1)
- 673348 EulerOS Security Update for grub2 (EulerOS-SA-2023-3301)
- 673390 EulerOS Security Update for grub2 (EulerOS-SA-2024-1060)
- 673506 EulerOS Security Update for grub2 (EulerOS-SA-2023-3333)
- 673603 EulerOS Security Update for grub2 (EulerOS-SA-2023-3272)
- 673664 EulerOS Security Update for grub2 (EulerOS-SA-2024-1270)
- 673921 EulerOS Security Update for grub2 (EulerOS-SA-2024-1141)
- 674062 EulerOS Security Update for grub2 (EulerOS-SA-2023-3244)
- 674085 EulerOS Security Update for grub2 (EulerOS-SA-2024-1084)
- 710796 Gentoo Linux GRUB Multiple Vulnerabilities (GLSA 202311-14)
- 755093 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2023:4085-1)
- 755116 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2023:4130-1)
- 755125 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2023:4141-1)
- 755126 SUSE Enterprise Linux Security Update for grub2 (SUSE-SU-2023:4140-1)
- 908007 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (31685-1)