CVE 2023-4692
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
Related bugs and status
CVE-2023-4692 (Candidate) is related to these bugs:
Bug #2028931: device tree protocol not always applied
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2028931 | device tree protocol not always applied | grub2 (Ubuntu Jammy) | Undecided | Won't Fix | ||
| 2028931 | device tree protocol not always applied | grub2 (Ubuntu Mantic) | Undecided | Fix Released | ||
| 2028931 | device tree protocol not always applied | grub2 (Ubuntu Lunar) | Undecided | Won't Fix | ||
| 2028931 | device tree protocol not always applied | grub2 (Ubuntu Focal) | Undecided | Won't Fix | ||
| 2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu Focal) | Undecided | Fix Released | ||
| 2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu Jammy) | Undecided | Fix Released | ||
| 2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu Lunar) | Undecided | Fix Released | ||
| 2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu Mantic) | Undecided | Fix Released | ||
Bug #2038742: [Debian] Critical CVE: CVE-2023-4692/CVE-2023-4693 grub2: multiple CVEs
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2038742 | [Debian] Critical CVE: CVE-2023-4692/CVE-2023-4693 grub2: multiple CVEs | StarlingX | High | Fix Released | ||
Bug #2039081: UEFI HTTP boot regression from lunar to mantic
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2039081 | UEFI HTTP boot regression from lunar to mantic | grub2 (Ubuntu) | High | Fix Released | ||
| 2039081 | UEFI HTTP boot regression from lunar to mantic | grub2 (Ubuntu Mantic) | High | Triaged | ||
| 2039081 | UEFI HTTP boot regression from lunar to mantic | grub2 (Ubuntu Noble) | High | Fix Released | ||
| 2039081 | UEFI HTTP boot regression from lunar to mantic | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 2039081 | UEFI HTTP boot regression from lunar to mantic | grub2-unsigned (Ubuntu Mantic) | Undecided | New | ||
| 2039081 | UEFI HTTP boot regression from lunar to mantic | grub2-unsigned (Ubuntu Noble) | Undecided | Fix Released | ||
Bug #2039172: grub 2.12~rc1 fails to load files from large directories on XFS
Bug #2043084: GRUB menu loading failure via HTTP Boot on BlueField
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu Jammy) | Undecided | In Progress | ||
| 2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu Noble) | Undecided | Fix Released | ||
| 2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu Focal) | Undecided | New | ||
| 2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu Mantic) | Undecided | Invalid | ||
Bug #2043101: Mantic+noble inadvertently includes the luks2 module in signed grub-efis
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2043101 | Mantic+noble inadvertently includes the luks2 module in signed grub-efis | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 2043101 | Mantic+noble inadvertently includes the luks2 module in signed grub-efis | grub2-unsigned (Ubuntu Noble) | Undecided | Fix Released | ||
| 2043101 | Mantic+noble inadvertently includes the luks2 module in signed grub-efis | grub2-unsigned (Ubuntu Mantic) | Undecided | Fix Committed | ||
See the 
CVE page on Mitre.org
for more details.
