
Ubuntu 23.04 LTS: USN-6410-1 Critical GRUB2 Heap Overflow and More

ubuntu
October 4, 2023
Security issues in GRUB2 for Ubuntu 23.04, 22.04 LTS, and 20.04 LTS fixed with critical updates and instructions.
Several security issues were fixed in GRUB2.

Summary

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary: Several security issues were fixed in GRUB2.

Software Description:

- grub2-signed: GRand Unified Bootloader
- grub2-unsigned: GRand Unified Bootloader

Details:

It was discovered that a specially crafted file system image could cause a heap-based out-of-bounds write. A local attacker could potentially use this to perform arbitrary code execution and bypass secure boot protections. (CVE-2023-4692)

It was discovered that a specially crafted file system image could cause an out-of-bounds read. A physically-present attacker could possibly use this to leak sensitive information to the GRUB pager. (CVE-2023-4693)

Update Instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04:
- grub-efi-amd64 2.06-2ubuntu17.2
- grub-efi-amd64-bin 2.06-2ubuntu17.2
- grub-efi-amd64-signed 1.193.2+2.06-2ubuntu17.2
- grub-efi-arm64 2.06-2ubuntu17.2
- grub-efi-arm64-bin 2.06-2ubuntu17.2
- grub-efi-arm64-signed 1.193.2+2.06-2ubuntu17.2

Ubuntu 22.04 LTS:
- grub-efi-amd64 2.06-2ubuntu14.4
- grub-efi-amd64-bin 2.06-2ubuntu14.4
- grub-efi-amd64-signed 1.187.6+2.06-2ubuntu14.4
- grub-efi-arm64 2.06-2ubuntu14.4
- grub-efi-arm64-bin 2.06-2ubuntu14.4
- grub-efi-arm64-signed 1.187.6+2.06-2ubuntu14.4

Ubuntu 20.04 LTS:
- grub-efi-amd64-signed 1.187.6~20.04.1+2.06-2ubuntu14.4
- grub-efi-arm64-signed 1.187.6~20.04.1+2.06-2ubuntu14.4

In general, a standard system update will make all the necessary changes.
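To confirm a host has reached the fixed versions listed above, the following added example (not part of the advisory or of Ubuntu's tooling) compares installed package versions against them using Debian's version ordering, including the `~` rule that matters for the 20.04 backport. The names `FIXED`, `deb_cmp`, `unpatched` and `SAMPLE` are hypothetical, only the amd64 packages are included, and the installed versions in the sample are constructed.

```python
import re

# Fixed versions copied from the advisory above (amd64 packages only).
FIXED = {
    "23.04": {"grub-efi-amd64": "2.06-2ubuntu17.2",
              "grub-efi-amd64-signed": "1.193.2+2.06-2ubuntu17.2"},
    "22.04": {"grub-efi-amd64": "2.06-2ubuntu14.4",
              "grub-efi-amd64-signed": "1.187.6+2.06-2ubuntu14.4"},
    "20.04": {"grub-efi-amd64-signed": "1.187.6~20.04.1+2.06-2ubuntu14.4"},
}

def _order(c):  # dpkg ordering: '~' < end of string < letters < other symbols
    if c in ("", "~"):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    while a or b:  # alternate non-digit and digit runs, as dpkg does
        na, nb = (re.match(r"[^0-9]*", s).group() for s in (a, b))
        for k in range(max(len(na), len(nb))):
            oa, ob = _order(na[k:k + 1]), _order(nb[k:k + 1])
            if oa != ob:
                return (oa > ob) - (oa < ob)
        a, b = a[len(na):], b[len(nb):]
        da, db = (re.match(r"[0-9]*", s).group() for s in (a, b))
        ia, ib = int(da or 0), int(db or 0)  # numeric runs compare as integers
        if ia != ib:
            return (ia > ib) - (ia < ib)
        a, b = a[len(da):], b[len(db):]
    return 0

def deb_cmp(a, b):
    """Order two Debian version strings: returns -1, 0 or 1."""
    pat = r"(?:([0-9]+):)?(.+?)(?:-([^-]*))?"  # [epoch:]upstream[-revision]
    (ea, ua, ra), (eb, ub, rb) = (re.fullmatch(pat, v).groups("") for v in (a, b))
    ea, eb = int(ea or 0), int(eb or 0)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(release, dpkg_output):
    """Map package -> installed version for packages below the fixed version."""
    rows = (line.split() for line in dpkg_output.splitlines())
    return {r[0]: r[1] for r in rows if len(r) == 2
            and r[0] in FIXED[release] and deb_cmp(r[1], FIXED[release][r[0]]) < 0}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output (22.04 host).
SAMPLE = ("grub-efi-amd64 2.06-2ubuntu14.4\nbash 5.1-6ubuntu1\n"
          "grub-efi-amd64-signed 1.187.3+2.06-2ubuntu14.1\n")
print(unpatched("22.04", SAMPLE))
```

On the host itself, `dpkg --compare-versions` remains the authoritative comparison; the pure-Python ordering here is for auditing collected inventory offline.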

References

https://ubuntu.com/security/notices/USN-6410-1

CVE-2023-4692, CVE-2023-4693

Severity
critical

Ubuntu Security Notice USN-6410-1

Package Information

https://launchpad.net/ubuntu/+source/grub2-signed/1.193.2
https://launchpad.net/ubuntu/+source/grub2-unsigned/2.06-2ubuntu17.2
https://launchpad.net/ubuntu/+source/grub2-signed/1.187.6
https://launchpad.net/ubuntu/+source/grub2-unsigned/2.06-2ubuntu14.4
https://launchpad.net/ubuntu/+source/grub2-signed/1.187.6~20.04.1
