- Vulnerability/
- USN-6410-1
USN-6410-1: GRUB2 vulnerabilities
First published: Wed Oct 04 2023(Updated: )
It was discovered that a specially crafted file system image could cause a heap-based out-of-bounds write. A local attacker could potentially use this to perform arbitrary code execution bypass and bypass secure boot protections. (CVE-2023-4692) It was discovered that a specially crafted file system image could cause an out-of-bounds read. A physically-present attacker could possibly use this to leak sensitive information to the GRUB pager. (CVE-2023-4693)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/grub-efi-amd64 | <2.06-2ubuntu17.2 | 2.06-2ubuntu17.2 |
| Ubuntu Ubuntu | =23.04 | |
| All of | ||
| ubuntu/grub-efi-amd64-bin | <2.06-2ubuntu17.2 | 2.06-2ubuntu17.2 |
| Ubuntu Ubuntu | =23.04 | |
| All of | ||
| ubuntu/grub-efi-amd64-signed | <1.193.2+2.06-2ubuntu17.2 | 1.193.2+2.06-2ubuntu17.2 |
| Ubuntu Ubuntu | =23.04 | |
| All of | ||
| ubuntu/grub-efi-arm64 | <2.06-2ubuntu17.2 | 2.06-2ubuntu17.2 |
| Ubuntu Ubuntu | =23.04 | |
| All of | ||
| ubuntu/grub-efi-arm64-bin | <2.06-2ubuntu17.2 | 2.06-2ubuntu17.2 |
| Ubuntu Ubuntu | =23.04 | |
| All of | ||
| ubuntu/grub-efi-arm64-signed | <1.193.2+2.06-2ubuntu17.2 | 1.193.2+2.06-2ubuntu17.2 |
| Ubuntu Ubuntu | =23.04 | |
| All of | ||
| ubuntu/grub-efi-amd64 | <2.06-2ubuntu14.4 | 2.06-2ubuntu14.4 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/grub-efi-amd64-bin | <2.06-2ubuntu14.4 | 2.06-2ubuntu14.4 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/grub-efi-amd64-signed | <1.187.6+2.06-2ubuntu14.4 | 1.187.6+2.06-2ubuntu14.4 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/grub-efi-arm64 | <2.06-2ubuntu14.4 | 2.06-2ubuntu14.4 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/grub-efi-arm64-bin | <2.06-2ubuntu14.4 | 2.06-2ubuntu14.4 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/grub-efi-arm64-signed | <1.187.6+2.06-2ubuntu14.4 | 1.187.6+2.06-2ubuntu14.4 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/grub-efi-amd64-signed | <1.187.6~20.04.1+2.06-2ubuntu14.4 | 1.187.6~20.04.1+2.06-2ubuntu14.4 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/grub-efi-arm64-signed | <1.187.6~20.04.1+2.06-2ubuntu14.4 | 1.187.6~20.04.1+2.06-2ubuntu14.4 |
| Ubuntu Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-4692
- https://ubuntu.com/security/CVE-2023-4693
- https://launchpad.net/ubuntu/+source/grub2-unsigned/2.06-2ubuntu17.2
- https://launchpad.net/ubuntu/+source/grub2-signed/1.193.2
- https://launchpad.net/ubuntu/+source/grub2-unsigned/2.06-2ubuntu14.4
- https://launchpad.net/ubuntu/+source/grub2-signed/1.187.6
- https://launchpad.net/ubuntu/+source/grub2-signed/1.187.6~20.04.1
- https://ubuntu.com/security/notices/USN-6410-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-6410-1.
What is the severity of USN-6410-1?
The severity of USN-6410-1 is not mentioned.
How does the vulnerability in USN-6410-1 work?
The vulnerability in USN-6410-1 allows a specially crafted file system image to cause a heap-based out-of-bounds write, potentially leading to arbitrary code execution and bypassing secure boot protections.
Which software versions are affected by USN-6410-1?
The affected software versions are Ubuntu 23.04, Ubuntu 22.04, and Ubuntu 20.04.
How can I fix USN-6410-1?
To fix USN-6410-1, you can update the affected packages to the recommended versions mentioned in the advisory.
- collector/usn
- agent/severity
- agent/references
- agent/title
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.04
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04