vulnerability

Amazon Linux AMI 2: CVE-2023-4692: Security patch for grub2 (ALAS-2023-2292)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	10/23/2023	10/23/2023	01/30/2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

10/23/2023

Added

10/23/2023

Modified

01/30/2025

Description

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

Solution(s)

amazon-linux-ami-2-upgrade-grub2amazon-linux-ami-2-upgrade-grub2-commonamazon-linux-ami-2-upgrade-grub2-debuginfoamazon-linux-ami-2-upgrade-grub2-efi-aa64amazon-linux-ami-2-upgrade-grub2-efi-aa64-cdbootamazon-linux-ami-2-upgrade-grub2-efi-aa64-ec2amazon-linux-ami-2-upgrade-grub2-efi-aa64-modulesamazon-linux-ami-2-upgrade-grub2-efi-x64amazon-linux-ami-2-upgrade-grub2-efi-x64-cdbootamazon-linux-ami-2-upgrade-grub2-efi-x64-ec2amazon-linux-ami-2-upgrade-grub2-efi-x64-modulesamazon-linux-ami-2-upgrade-grub2-emuamazon-linux-ami-2-upgrade-grub2-emu-modulesamazon-linux-ami-2-upgrade-grub2-pcamazon-linux-ami-2-upgrade-grub2-pc-modulesamazon-linux-ami-2-upgrade-grub2-toolsamazon-linux-ami-2-upgrade-grub2-tools-efiamazon-linux-ami-2-upgrade-grub2-tools-extraamazon-linux-ami-2-upgrade-grub2-tools-minimal

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today