CVE-2023-4692 HIGH

CVE-2023-4692: Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution

Vendor Red Hat
Product Red Hat Enterprise Linux 7
Weakness CWE-122
Published October 25, 2023
Last update November 7, 2025

CVSS base score

7.5/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

Key dates

02Disclosure timeline

October 25, 2023 CVE published
November 7, 2025 Record updated