Nixpkgs security tracker
Untriaged
Permalink
CVE-2023-4693
5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Grub2: out-of-bounds read at fs/ntfs.c
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
References
-
-
-
-
-
-
-
-
-
https://seclists.org/oss-sec/2023/q4/37 x_transferred
-
https://security.gentoo.org/glsa/202311-14 x_transferred
-
https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://seclists.org/oss-sec/2023/q4/37 x_transferred
-
https://security.gentoo.org/glsa/202311-14 x_transferred
-
https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
-
-
-
-
-
-
-
-
-
https://seclists.org/oss-sec/2023/q4/37 x_transferred
-
https://security.gentoo.org/glsa/202311-14 x_transferred
-
https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
-
-
-
-
-
-
-
-
-
https://seclists.org/oss-sec/2023/q4/37 x_transferred
-
https://security.gentoo.org/glsa/202311-14 x_transferred
-
https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
-
-
-
-
-
-
-
-
-
https://seclists.org/oss-sec/2023/q4/37 x_transferred
-
https://security.gentoo.org/glsa/202311-14 x_transferred
-
https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
-
-
-
-
-
-
-
-
-
https://seclists.org/oss-sec/2023/q4/37 x_transferred
-
https://security.gentoo.org/glsa/202311-14 x_transferred
-
https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
-
-
-
-
-
-
-
-
-
https://seclists.org/oss-sec/2023/q4/37 x_transferred
-
https://security.gentoo.org/glsa/202311-14 x_transferred
-
https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
-
-
-
-
-
-
-
-
-
https://seclists.org/oss-sec/2023/q4/37 x_transferred
-
https://security.gentoo.org/glsa/202311-14 x_transferred
-
https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
-
-
-
-
-
-
-
-
-
https://seclists.org/oss-sec/2023/q4/37 x_transferred
-
https://security.gentoo.org/glsa/202311-14 x_transferred
-
https://security.netapp.com/advisory/ntap-20231208-0002/ x_transferred
Affected products
grub2
- *
Matching in nixpkgs
pkgs.grub2_pvgrub_image
PvGrub2 image for booting PV Xen guests
pkgs.grub2_pvhgrub_image
PvGrub2 image for booting PVH Xen guests
Package maintainers
-
@hehongbo Hongbo
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>