CVE 2023-4692
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
Related bugs and status
CVE-2023-4692 (Candidate) is related to these bugs:
Bug #2028931: device tree protocol not always applied
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
2028931 | device tree protocol not always applied | grub2 (Ubuntu Jammy) | Undecided | Won't Fix | ||
2028931 | device tree protocol not always applied | grub2 (Ubuntu Mantic) | Undecided | Fix Released | ||
2028931 | device tree protocol not always applied | grub2 (Ubuntu Lunar) | Undecided | Won't Fix | ||
2028931 | device tree protocol not always applied | grub2 (Ubuntu Focal) | Undecided | Won't Fix | ||
2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu Focal) | Undecided | Fix Released | ||
2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu Jammy) | Undecided | Fix Released | ||
2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu Lunar) | Undecided | Fix Released | ||
2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu Mantic) | Undecided | Fix Released |
Bug #2038742: [Debian] Critical CVE: CVE-2023-4692/CVE-2023-4693 grub2: multiple CVEs
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
2038742 | [Debian] Critical CVE: CVE-2023-4692/CVE-2023-4693 grub2: multiple CVEs | StarlingX | High | Fix Released |
Bug #2039081: UEFI HTTP boot regression from lunar to mantic
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
2039081 | UEFI HTTP boot regression from lunar to mantic | grub2 (Ubuntu) | High | Fix Released | ||
2039081 | UEFI HTTP boot regression from lunar to mantic | grub2 (Ubuntu Mantic) | High | Triaged | ||
2039081 | UEFI HTTP boot regression from lunar to mantic | grub2 (Ubuntu Noble) | High | Fix Released | ||
2039081 | UEFI HTTP boot regression from lunar to mantic | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
2039081 | UEFI HTTP boot regression from lunar to mantic | grub2-unsigned (Ubuntu Mantic) | Undecided | New | ||
2039081 | UEFI HTTP boot regression from lunar to mantic | grub2-unsigned (Ubuntu Noble) | Undecided | Fix Released |
Bug #2039172: grub 2.12~rc1 fails to load files from large directories on XFS
Bug #2043084: GRUB menu loading failure via HTTP Boot on BlueField
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu Jammy) | Undecided | In Progress | ||
2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu Noble) | Undecided | Fix Released | ||
2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu Focal) | Undecided | New | ||
2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu Mantic) | Undecided | Invalid |
Bug #2043101: Mantic+noble inadvertently includes the luks2 module in signed grub-efis
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
2043101 | Mantic+noble inadvertently includes the luks2 module in signed grub-efis | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
2043101 | Mantic+noble inadvertently includes the luks2 module in signed grub-efis | grub2-unsigned (Ubuntu Noble) | Undecided | Fix Released | ||
2043101 | Mantic+noble inadvertently includes the luks2 module in signed grub-efis | grub2-unsigned (Ubuntu Mantic) | Undecided | Fix Committed |
See the
CVE page on Mitre.org
for more details.