
Ubuntu 23.04, 22.04 LTS and 20.04 LTS: USN-6410-1 Critical GRUB2 Heap Overflow and More

October 4, 2023
Two security issues in GRUB2 are fixed for Ubuntu 23.04, 22.04 LTS, and 20.04 LTS; the fixed package versions and update instructions follow.

Summary

Several security issues were fixed in GRUB2.

Software Description:

- grub2-signed: GRand Unified Bootloader

- grub2-unsigned: GRand Unified Bootloader

Details:

It was discovered that a specially crafted file system image could cause a
heap-based out-of-bounds write. A local attacker could potentially use this
to perform arbitrary code execution and bypass secure boot protections.
(CVE-2023-4692)

It was discovered that a specially crafted file system image could cause an
out-of-bounds read. A physically-present attacker could possibly use this
to leak sensitive information to the GRUB pager. (CVE-2023-4693)

Both flaws are in GRUB2's NTFS file system driver, so the exposure is a boot
path in which GRUB parses attacker-controlled NTFS metadata, for example
from a removable drive or a partition the attacker can write to.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   grub-efi-amd64                  2.06-2ubuntu17.2
   grub-efi-amd64-bin              2.06-2ubuntu17.2
   grub-efi-amd64-signed           1.193.2+2.06-2ubuntu17.2
   grub-efi-arm64                  2.06-2ubuntu17.2
   grub-efi-arm64-bin              2.06-2ubuntu17.2
   grub-efi-arm64-signed           1.193.2+2.06-2ubuntu17.2

Ubuntu 22.04 LTS:
   grub-efi-amd64                  2.06-2ubuntu14.4
   grub-efi-amd64-bin              2.06-2ubuntu14.4
   grub-efi-amd64-signed           1.187.6+2.06-2ubuntu14.4
   grub-efi-arm64                  2.06-2ubuntu14.4
   grub-efi-arm64-bin              2.06-2ubuntu14.4
   grub-efi-arm64-signed           1.187.6+2.06-2ubuntu14.4

Ubuntu 20.04 LTS:
   grub-efi-amd64-signed           1.187.6~20.04.1+2.06-2ubuntu14.4
   grub-efi-arm64-signed           1.187.6~20.04.1+2.06-2ubuntu14.4

In general, a standard system update will make all the necessary changes.
Because GRUB is loaded from the EFI System Partition before the kernel, the
fix is only in effect once the updated signed image has been written there
(the grub-efi-*-signed packages do this when they are installed) and the
machine has been rebooted; until then the old bootloader is still the one
running.

References

https://ubuntu.com/security/notices/USN-6410-1

CVE-2023-4692, CVE-2023-4693

Severity: Critical

Ubuntu Security Notice USN-6410-1
