An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2023-4693 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2238343 | Issue Tracking Third Party Advisory |
https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/ | Exploit Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRJ5UZRXX2KLR4IKBJEQUNGOCXMMDLY/ | |
https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html | Mailing List |
https://seclists.org/oss-sec/2023/q4/37 | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202311-14 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20231208-0002/ | Third Party Advisory |
Configurations
History
23 Apr 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Mar 2024, 19:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://security.gentoo.org/glsa/202311-14 - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20231208-0002/ - Third Party Advisory | |
CPE | cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* |
08 Dec 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Nov 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Nov 2023, 18:37
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2238343 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/ - Exploit, Third Party Advisory | |
References | (MISC) https://seclists.org/oss-sec/2023/q4/37 - Mailing List, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-4693 - Third Party Advisory | |
References | (MISC) https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html - Mailing List | |
CWE | CWE-125 | |
First Time |
Gnu
Gnu grub2 Redhat Redhat enterprise Linux |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
CPE | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:* |
25 Oct 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-25 18:17
Updated : 2024-04-23 02:15
NVD link : CVE-2023-4693
Mitre link : CVE-2023-4693
CVE.ORG link : CVE-2023-4693
JSON object : View
Products Affected
gnu
- grub2
redhat
- enterprise_linux
CWE
CWE-125
Out-of-bounds Read