Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
No PoCs from references.
- https://github.com/Fortinetofficial/shim-review
- https://github.com/Jurij-Ivastsuk/WAXAR-shim-review
- https://github.com/NaverCloudPlatform/shim-review
- https://github.com/Rodrigo-NR/shim-review
- https://github.com/baramundisoftware/ShimReview_2024
- https://github.com/ctrliq/ciq-shim-build
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/jsegitz/shim-review-nonfork
- https://github.com/rhboot/shim-review
- https://github.com/vathpela/shim-review
- https://github.com/zeetim/shim-review