First published: Fri Nov 10 2023
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way as to exploit a memory corruption in grub’s XFS file system implementation.
Credit: cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
GNU GRUB | <=0.97 | |
Xen Xen | | |
The vulnerability ID is CVE-2023-4949.
The title of the vulnerability is 'Memory Corruption Vulnerability in Grub-Legacy's XFS Implementation'.
The vulnerability is a memory corruption in grub's XFS file system implementation that can be exploited by an attacker with local access to a system.
The GNU GRUB and Xen Xen software versions up to and including 0.97 are affected by this vulnerability.
The severity of the vulnerability is high, with a CVSS score of 8.1.
Yes, there is a reference to this vulnerability. You can find more information at https://xenbits.xenproject.org/xsa/advisory-443.html.
The Common Weakness Enumeration (CWE) identifiers associated with this vulnerability are CWE-119, CWE-190, and CWE-787.