PT-2023-6116 · Grub2+10 · Grub2+10

Maxim Suhanov

·

Published

2023-10-03

·

Updated

2025-06-16

·

CVE-2023-4692

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Grub2 (affected versions not specified)
Description An out-of-bounds write flaw was found in Grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to Grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Heap Based Buffer Overflow

Memory Corruption

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-787CWE-125

Related Identifiers

ALSA-2024:2456
ALSA-2024:3184
ALSA-2024_2456
ALSA-2024_3184
ALT-PU-2024-11222
ALT-PU-2024-1455
ALT-PU-2024-1457
ALT-PU-2024-1607
ALT-PU-2024-1609
ALT-PU-2024-1869
ALT-PU-2024-4050
AZL-31686
AZL-34795
BDU:2023-06578
BDU:2023-06822
CESA-2024_3184
CVE-2023-4692
DLA-3605-1
DSA-5519-1
ELSA-2024-2456
ELSA-2024-3184
INFSA-2024_2456
INFSA-2024_3184
MGASA-2024-0095
OESA-2023-1720
OPENSUSE-SU-2024:13328-1
RHSA-2024:2456
RHSA-2024:3184
RHSA-2024_2456
RHSA-2024_3184
RLSA-2024:3184
RLSA-2024_3184
ROSA-SA-2025-2606
SUSE-SU-2023:4085-1
SUSE-SU-2023:4130-1
SUSE-SU-2023:4140-1
SUSE-SU-2023:4141-1
SUSE-SU-2023_4085-1
SUSE-SU-2023_4130-1
SUSE-SU-2023_4140-1
SUSE-SU-2023_4141-1
SUSE-SU-2025:01961-1
USN-6410-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Grub2
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu