CVE-2023-4693

Published: 03 Oct 2023
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.

Report

This vulnerability is considered as 'Low' severity by Red Hat as the NTFS module is not shipped as part of Red Hat's signed grub2 image.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 7 | grub2 | Out of support scope | | |
| Red Hat Enterprise Linux 8 | grub2 | Fixed | RHSA-2024:3184 | 22.05.2024 |
| Red Hat Enterprise Linux 9 | grub2 | Fixed | RHSA-2024:2456 | 30.04.2024 |

Additional information

Status: Low
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2238343 grub2: out-of-bounds read at fs/ntfs.c

EPSS: 0.0001 (percentile: 1%, Low)

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 1 year ago

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.

CVSS3: 5.3
nvd
more than 1 year ago

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.

CVSS3: 4.6
msrc
more than 1 year ago

No description

CVSS3: 5.3
debian
more than 1 year ago

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver ...

CVSS3: 5.3
github
more than 1 year ago

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
