Untriaged
Permalink
CVE-2023-4693
5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Out-of-bounds read at fs/ntfs.c
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
References
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- https://security.gentoo.org/glsa/202311-14
- https://security.netapp.com/advisory/ntap-20231208-0002/
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- https://security.gentoo.org/glsa/202311-14
- https://security.netapp.com/advisory/ntap-20231208-0002/
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- https://security.gentoo.org/glsa/202311-14
- https://security.netapp.com/advisory/ntap-20231208-0002/
- https://seclists.org/oss-sec/2023/q4/37
- https://security.gentoo.org/glsa/202311-14
- https://security.netapp.com/advisory/ntap-20231208-0002/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- https://security.gentoo.org/glsa/202311-14
- https://security.netapp.com/advisory/ntap-20231208-0002/
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- https://security.gentoo.org/glsa/202311-14
- https://security.netapp.com/advisory/ntap-20231208-0002/
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- https://security.gentoo.org/glsa/202311-14
- https://security.netapp.com/advisory/ntap-20231208-0002/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- https://security.gentoo.org/glsa/202311-14
- https://security.netapp.com/advisory/ntap-20231208-0002/
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- https://security.gentoo.org/glsa/202311-14
- https://security.netapp.com/advisory/ntap-20231208-0002/
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- https://security.gentoo.org/glsa/202311-14
- https://security.netapp.com/advisory/ntap-20231208-0002/
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2238343 issue-tracking x_refsource_REDHAT x_transferred
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html x_transferred
- https://seclists.org/oss-sec/2023/q4/37 x_transferred
- https://security.gentoo.org/glsa/202311-14 x_transferred
- https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- https://security.gentoo.org/glsa/202311-14
- https://security.netapp.com/advisory/ntap-20231208-0002/
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2238343 issue-tracking x_refsource_REDHAT x_transferred
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html x_transferred
- https://seclists.org/oss-sec/2023/q4/37 x_transferred
- https://security.gentoo.org/glsa/202311-14 x_transferred
- https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- https://security.gentoo.org/glsa/202311-14
- https://security.netapp.com/advisory/ntap-20231208-0002/
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2238343 issue-tracking x_refsource_REDHAT x_transferred
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html x_transferred
- https://seclists.org/oss-sec/2023/q4/37 x_transferred
- https://security.gentoo.org/glsa/202311-14 x_transferred
- https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2238343 issue-tracking x_refsource_REDHAT x_transferred
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html x_transferred
- https://seclists.org/oss-sec/2023/q4/37 x_transferred
- https://security.gentoo.org/glsa/202311-14 x_transferred
- https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
- https://seclists.org/oss-sec/2023/q4/37
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2238343 issue-tracking x_refsource_REDHAT x_transferred
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html x_transferred
- https://seclists.org/oss-sec/2023/q4/37 x_transferred
- https://security.gentoo.org/glsa/202311-14 x_transferred
- https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2238343 issue-tracking x_refsource_REDHAT x_transferred
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html x_transferred
- https://seclists.org/oss-sec/2023/q4/37 x_transferred
- https://security.gentoo.org/glsa/202311-14 x_transferred
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2238343 issue-tracking x_refsource_REDHAT x_transferred
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html x_transferred
- https://seclists.org/oss-sec/2023/q4/37 x_transferred
- https://security.gentoo.org/glsa/202311-14 x_transferred
- https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
- https://lists.debian.org/debian-lts-announce/2023/10/msg00007.html
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
- https://seclists.org/oss-sec/2023/q4/37
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry
- RHBZ#2238343 issue-tracking x_refsource_REDHAT
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g…
- RHSA-2024:2456 x_refsource_REDHAT vendor-advisory x_transferred
- RHSA-2024:3184 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2023-4693 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2238343 issue-tracking x_refsource_REDHAT x_transferred
- https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-g… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html x_transferred
- https://seclists.org/oss-sec/2023/q4/37 x_transferred
- https://security.gentoo.org/glsa/202311-14 x_transferred
- https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
- https://lists.debian.org/debian-lts-announce/2023/10/msg00007.html
Affected products
grub2
- *
Matching in nixpkgs
pkgs.grub2_pvgrub_image
PvGrub2 image for booting PV Xen guests
pkgs.grub2_pvhgrub_image
PvGrub2 image for booting PVH Xen guests
Package maintainers
-
@hehongbo Hongbo
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>