CVE-2023-4692 (enterprise_linux, grub2)

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

arbitrary code attack attacker boot bypass code code execution corrupt corruption cve driver filesystem firmware flaw found grub2 image issue may metadata ntfs out-of-bounds out-of-bounds write protection result secure boot uefi uefi firmware