Description
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6Attack Vector: Physical
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Affected Packages2 packages
Also affects: Enterprise Linux 8.0, 9.0
🔴Vulnerability Details
4GHSAGHSA-r62p-gp92-7444: An out-of-bounds read flaw was found on grub2's NTFS filesystem driver↗2023-10-25 OSVCVE-2023-4693: An out-of-bounds read flaw was found on grub2's NTFS filesystem driver↗2023-10-25 CVEListGrub2: out-of-bounds read at fs/ntfs.c↗2023-10-25 OSVgrub2-signed, grub2-unsigned vulnerabilities↗2023-10-04 📋Vendor Advisories
4MicrosoftGrub2: out-of-bounds read at fs/ntfs.c↗2023-10-10 UbuntuGRUB2 vulnerabilities↗2023-10-04 Red Hatgrub2: out-of-bounds read at fs/ntfs.c↗2023-10-03 DebianCVE-2023-4693: grub2 - An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This iss...↗2023 💬Community
1BugzillaCVE-2023-52592 kernel: libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos↗2024-03-06