An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

Related CVEs

CVE-2023-4692

Key Information

GHSA ID

GHSA-6w7h-fpm5-3ww6

Published

October 25, 2023 6:32 PM

Last Modified

May 22, 2024 6:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 10, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.