fkie_cve-2023-4692
Vulnerability from fkie_nvd
Published
2023-10-25 18:17
Modified
2024-11-21 08:35
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2456
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:3184
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2023-4692Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2236613Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/Exploit, Third Party Advisory
secalert@redhat.comhttps://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.htmlMailing List
secalert@redhat.comhttps://seclists.org/oss-sec/2023/q4/37Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2456
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:3184
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2023-4692Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2236613Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRJ5UZRXX2KLR4IKBJEQUNGOCXMMDLY/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PERFILCHFEUGG3OAMC6W55P6DDIBZK4Q/
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/oss-sec/2023/q4/37Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202311-14
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20231208-0002/
Impacted products
Vendor Product Version
gnu grub2 *
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF60F990-70DB-48EA-A956-1F6202F301EA",
                     versionEndExcluding: "2.12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.",
      },
      {
         lang: "es",
         value: "Se encontró una falla de escritura fuera de los límites en el controlador del sistema de archivos NTFS de grub2. Este problema puede permitir que un atacante presente una imagen del sistema de archivos NTFS especialmente manipulada, lo que provoca la corrupción de los metadatos del montón de grub. En algunas circunstancias, el ataque también puede dañar los metadatos del montón del firmware UEFI. Como resultado, se puede lograr la ejecución de código arbitrario y eludir la protección de arranque seguro.",
      },
   ],
   id: "CVE-2023-4692",
   lastModified: "2024-11-21T08:35:41.970",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-25T18:17:41.743",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:2456",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2024:3184",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2023-4692",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236613",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/oss-sec/2023/q4/37",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:2456",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2024:3184",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2023-4692",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236613",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRJ5UZRXX2KLR4IKBJEQUNGOCXMMDLY/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PERFILCHFEUGG3OAMC6W55P6DDIBZK4Q/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/oss-sec/2023/q4/37",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202311-14",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20231208-0002/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-122",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.