CVE-2023-4693

Public on 2023-10-06
Modified on 2024-02-01
Description
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
Severity
Low severity
Low
CVSS v3 Base Score
2.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 grub Not Affected
Amazon Linux 2 - Core grub2 2023-10-12 ALAS2-2023-2292 Fixed
Amazon Linux 2023 grub2 2023-10-30 ALAS2023-2023-408 Fixed
Amazon Linux 2023 grub2 2023-10-30 ALAS2023-2023-409 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
NVD CVSSv3 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N