Vulnerabilities > CVE-2023-4949 - Out-of-bounds Write vulnerability in multiple products

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gnu

xen

CWE-787

NVD

Published: 2023-11-10

Updated: 2023-11-20

Summary

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Grub - GNU Grub 0.97	2
OS	Xen XEN XEN -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://xenbits.xenproject.org/xsa/advisory-443.html