CVE-2023-4693
Published: 3 October 2023
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
From the Ubuntu Security Team
It was discovered that a specially crafted file system image could cause an out-of-bounds read. A local attacker could possibly use this to leak sensitive information to the GRUB pager.
Notes
| Author | Note |
|---|---|
| eslerm | grub2-unsigned contains Secure Boot security fixes the grub2 package unlikely affects Ubuntu's Secure Boot grub2 and grub2-unsigned should have same major version |
| eslerm | Ubuntu Secure Boot and ESM do not cover i386 trusty's GA kernel cannot handle new versions of grub Note that key revocation is required to protect against evil housekeeper attacks (such as BlackLotus) |
| eslerm | CWE-125 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
grub2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(does not affect Secure Boot)
|
| focal |
Not vulnerable
(does not affect Secure Boot)
|
|
| jammy |
Not vulnerable
(does not affect Secure Boot)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Not vulnerable
(does not affect Secure Boot)
|
|
| noble |
Not vulnerable
(does not affect Secure Boot)
|
|
| trusty |
Not vulnerable
(does not affect Secure Boot)
|
|
| upstream |
Released
(2.12~rc1-11)
|
|
| xenial |
Not vulnerable
(does not affect Secure Boot)
|
|
|
grub2-signed Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Released
(1.187.6~20.04.1)
|
|
| jammy |
Released
(1.187.6)
|
|
| lunar |
Released
(1.193.2)
|
|
| mantic |
Released
(1.197)
|
|
| noble |
Released
(1.199)
|
|
| trusty |
Ignored
(update incompatible with kernel)
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
grub2-unsigned Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Released
(2.06-2ubuntu14.4)
|
|
| jammy |
Released
(2.06-2ubuntu14.4)
|
|
| lunar |
Released
(2.06-2ubuntu17.2)
|
|
| mantic |
Not vulnerable
(2.12~rc1-10ubuntu4)
|
|
| noble |
Not vulnerable
(2.12~rc1-12ubuntu2)
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.6 |
| Attack vector | Physical |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |