VDB
DEBIAN-CVE-2023-4692
DEBIAN-CVE-2023-4692
PUBLISHED
CVSS 7.800000190734863 HIGH
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | grub2 | 0, 0, 0 |
| Debian:13 | grub2 | 0, 0, 0 |
| Debian:12 | grub2 | 2.06-13, 0, 2.06-13 |
| Debian:11 | grub2 | 2.06-3~deb10u4, 2.06-3~deb11u5, * |
Timeline
- Oct 25, 2023 CVE Published
- Apr 28, 2026 CVE Updated