VYPR
Unrated severity · NVD Advisory · Published Oct 25, 2023 · Updated Nov 7, 2025

Grub2: out-of-bounds read at fs/ntfs.c

CVE-2023-4693

Description

An out-of-bounds read flaw in GRUB2's NTFS driver allows a physically present attacker to leak sensitive memory via a crafted NTFS image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An out-of-bounds read vulnerability exists in GRUB2's NTFS filesystem driver, affecting versions prior to the fix. The flaw occurs when GRUB2 processes a specially crafted NTFS file system image. The vulnerable code path is triggered when the $ATTRIBUTE_LIST attribute is encountered for a file, and the driver reuses a buffer originally used for reading drive data to store sector numbers without proper bounds checking [1][4]. This allows reading beyond the allocated buffer. Affected versions include GRUB2 packages shipped in Red Hat Enterprise Linux 9 before the patched version grub2-2.06-77.el9 [1].

Exploitation

An attacker must have physical access to the system and be able to present a specially crafted NTFS file system image (e.g., via a USB drive or other bootable media) to the GRUB boot process. No authentication or additional privileges are required. The attacker triggers the out-of-bounds read by having GRUB attempt to boot or access files from the malicious NTFS image, causing the driver to dereference memory locations beyond the intended buffer [3][4].

Impact

Successful exploitation results in out-of-bounds memory reads, allowing sensitive data cached in memory or EFI variable values to be leaked. This presents a high confidentiality risk, as arbitrary memory contents can be exposed to the attacker [3][4]. No code execution or privilege escalation is achieved, but disclosure of sensitive information (e.g., cryptographic keys, secrets) is possible [3].

Mitigation

The vulnerability is fixed in GRUB2 packages released on or after the date of the advisory. For Red Hat Enterprise Linux 9, the fixed version is grub2-2.06-77.el9, included in RHSA-2024:2456 [1] and RHSA-2024:3184 [2]. Users should update their GRUB2 packages to the patched version. The available references describe no workaround for systems still running unpatched versions.
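As an added example (not part of the advisory or of any vendor tooling), the following check classifies installed GRUB2 packages against the RHEL 9 fixed version named above. It assumes input lines in the form produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' 'grub2*'`, uses a simplified version comparison (no epoch, tilde or caret handling), and the sample lines are constructed.

```python
import re

# Fixed version and release for RHEL 9, taken from the advisory text: grub2-2.06-77.el9
FIXED_VERSION, FIXED_RELEASE = "2.06", "77.el9"

def vercmp(a, b):
    """Simplified rpmvercmp-style comparison: returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)  # runs of digits or letters; separators ignored
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)                # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # a numeric segment is newer than an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def assess(lines):
    """Map package name -> 'patched' | 'vulnerable' | 'unknown' for 'name version release' lines."""
    result = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[0].startswith("grub2"):
            continue                              # not a GRUB2 package line
        name, version, release = parts
        if ".el9" not in release:
            result[name] = "unknown"              # the page gives a fixed version for RHEL 9 only
            continue
        cmp = vercmp(version, FIXED_VERSION) or vercmp(release, FIXED_RELEASE)
        result[name] = "patched" if cmp >= 0 else "vulnerable"
    return result

# Constructed sample input, not taken from a real system.
SAMPLE = [
    "grub2-common 2.06 70.el9_3.2",
    "grub2-tools 2.06 77.el9",
    "grub2-efi-x64 2.06 80.el9_5",
    "grub2-pc 2.02 150.el8",
    "kernel 5.14.0 427.el9",
]

if __name__ == "__main__":
    for pkg, status in assess(SAMPLE).items():
        print(f"{pkg}: {status}")
```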

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

43

References

7
