CVE-2023-4692

Description

An out-of-bounds write flaw was found in grub2s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grubs heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.