CVE 2023-4693
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
Related bugs and status
CVE-2023-4693 (Candidate) is related to these bugs:
Bug #2028931: device tree protocol not always applied
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2028931 | device tree protocol not always applied | grub2 (Ubuntu Jammy) | Undecided | Won't Fix | ||
| 2028931 | device tree protocol not always applied | grub2 (Ubuntu Mantic) | Undecided | Fix Released | ||
| 2028931 | device tree protocol not always applied | grub2 (Ubuntu Lunar) | Undecided | Won't Fix | ||
| 2028931 | device tree protocol not always applied | grub2 (Ubuntu Focal) | Undecided | Won't Fix | ||
| 2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu Focal) | Undecided | Fix Released | ||
| 2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu Jammy) | Undecided | Fix Released | ||
| 2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu Lunar) | Undecided | Fix Released | ||
| 2028931 | device tree protocol not always applied | grub2-unsigned (Ubuntu Mantic) | Undecided | Fix Released | ||
Bug #2038742: [Debian] Critical CVE: CVE-2023-4692/CVE-2023-4693 grub2: multiple CVEs
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2038742 | [Debian] Critical CVE: CVE-2023-4692/CVE-2023-4693 grub2: multiple CVEs | StarlingX | High | Fix Released | ||
Bug #2039081: UEFI HTTP boot regression from lunar to mantic
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2039081 | UEFI HTTP boot regression from lunar to mantic | grub2 (Ubuntu) | High | Fix Released | ||
| 2039081 | UEFI HTTP boot regression from lunar to mantic | grub2 (Ubuntu Mantic) | High | Triaged | ||
| 2039081 | UEFI HTTP boot regression from lunar to mantic | grub2 (Ubuntu Noble) | High | Fix Released | ||
| 2039081 | UEFI HTTP boot regression from lunar to mantic | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 2039081 | UEFI HTTP boot regression from lunar to mantic | grub2-unsigned (Ubuntu Mantic) | Undecided | New | ||
| 2039081 | UEFI HTTP boot regression from lunar to mantic | grub2-unsigned (Ubuntu Noble) | Undecided | Fix Released | ||
Bug #2039172: grub 2.12~rc1 fails to load files from large directories on XFS
Bug #2043084: GRUB menu loading failure via HTTP Boot on BlueField
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu Jammy) | Undecided | In Progress | ||
| 2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu Noble) | Undecided | Fix Released | ||
| 2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu Focal) | Undecided | New | ||
| 2043084 | GRUB menu loading failure via HTTP Boot on BlueField | grub2-unsigned (Ubuntu Mantic) | Undecided | Invalid | ||
Bug #2043101: Mantic+noble inadvertently includes the luks2 module in signed grub-efis
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 2043101 | Mantic+noble inadvertently includes the luks2 module in signed grub-efis | grub2-unsigned (Ubuntu) | Undecided | Fix Released | ||
| 2043101 | Mantic+noble inadvertently includes the luks2 module in signed grub-efis | grub2-unsigned (Ubuntu Noble) | Undecided | Fix Released | ||
| 2043101 | Mantic+noble inadvertently includes the luks2 module in signed grub-efis | grub2-unsigned (Ubuntu Mantic) | Undecided | Fix Committed | ||
See the 
CVE page on Mitre.org
for more details.
