• Advisory ID (KylinSec-SA-2023-2413)

Summary:

grub2 security update

Severity: High

Advisory ID: KylinSec-SA-2023-2413

Release date: February 17, 2025

Related CVEs: CVE-2023-4692   CVE-2023-4693  

  • Details

1. Vulnerability description

   

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn.

Security Fix(es):

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to corruption of grub's heap metadata. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. (CVE-2023-4692)

An out-of-bounds read flaw was found in grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS filesystem image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. (CVE-2023-4693)

2. Affected scope

CVE Product Component Affected status
CVE-2023-4692 KY3.4-4A grub2 Fixed
CVE-2023-4692 KY3.4-5A grub2 Fixed
CVE-2023-4692 KY3.5.1 grub2 Fixed
CVE-2023-4692 KY3.5.2 grub2 Fixed
CVE-2023-4693 KY3.4-4A grub2 Fixed
CVE-2023-4693 KY3.4-5A grub2 Fixed
CVE-2023-4693 KY3.5.1 grub2 Fixed
CVE-2023-4693 KY3.5.2 grub2 Fixed

3. Affected components

    grub2

4. Fixed versions

   

KY3.5.1

Package name Architecture Version
grub2-efi-x64-modules noarch 2.06-38.kb2.ky3_5
grub2-efi-aa64-modules noarch 2.06-38.kb2.ky3_5
grub2-efi-ia32-modules noarch 2.06-38.kb2.ky3_5
grub2-common noarch 2.06-38.kb2.ky3_5
grub2-help noarch 2.06-38.kb2.ky3_5
grub2-pc-modules noarch 2.06-38.kb2.ky3_5
grub2-tools-extra x86_64 2.06-38.kb2.ky3_5
grub2-efi-x64-cdboot x86_64 2.06-38.kb2.ky3_5
grub2-efi-ia32-cdboot x86_64 2.06-38.kb2.ky3_5
grub2-tools-minimal x86_64 2.06-38.kb2.ky3_5
grub2-efi-x64 x86_64 2.06-38.kb2.ky3_5
grub2-tools-efi x86_64 2.06-38.kb2.ky3_5
grub2-efi-ia32 x86_64 2.06-38.kb2.ky3_5
grub2-tools x86_64 2.06-38.kb2.ky3_5
grub2-pc x86_64 2.06-38.kb2.ky3_5
grub2-efi-aa64 aarch64 2.06-38.kb2.ky3_5
grub2-tools-extra aarch64 2.06-38.kb2.ky3_5
grub2-tools-minimal aarch64 2.06-38.kb2.ky3_5
grub2-tools aarch64 2.06-38.kb2.ky3_5
grub2-efi-aa64-cdboot aarch64 2.06-38.kb2.ky3_5

KY3.4-4A

Package name Architecture Version
grub2-efi-aa64-modules noarch 2.04-36.kb2.ky3_4
grub2-efi-ia32-modules noarch 2.04-36.kb2.ky3_4
grub2-pc-modules noarch 2.04-36.kb2.ky3_4
grub2-help noarch 2.04-36.kb2.ky3_4
grub2-efi-x64-modules noarch 2.04-36.kb2.ky3_4
grub2-common noarch 2.04-36.kb2.ky3_4
grub2-efi-x64-cdboot x86_64 2.04-36.kb2.ky3_4
grub2-tools-minimal x86_64 2.04-36.kb2.ky3_4
grub2-tools-extra x86_64 2.04-36.kb2.ky3_4
grub2-efi-ia32 x86_64 2.04-36.kb2.ky3_4
grub2-pc x86_64 2.04-36.kb2.ky3_4
grub2-efi-x64 x86_64 2.04-36.kb2.ky3_4
grub2-tools x86_64 2.04-36.kb2.ky3_4
grub2-tools-efi x86_64 2.04-36.kb2.ky3_4
grub2-efi-ia32-cdboot x86_64 2.04-36.kb2.ky3_4
grub2-tools-minimal aarch64 2.04-36.kb2.ky3_4
grub2-efi-aa64 aarch64 2.04-36.kb2.ky3_4
grub2-tools-extra aarch64 2.04-36.kb2.ky3_4
grub2-efi-aa64-cdboot aarch64 2.04-36.kb2.ky3_4
grub2-tools aarch64 2.04-36.kb2.ky3_4

KY3.4-5A

Package name Architecture Version
grub2-efi-x64-modules noarch 2.04-36.kb2.ky3_4
grub2-pc-modules noarch 2.04-36.kb2.ky3_4
grub2-efi-aa64-modules noarch 2.04-36.kb2.ky3_4
grub2-efi-ia32-modules noarch 2.04-36.kb2.ky3_4
grub2-common noarch 2.04-36.kb2.ky3_4
grub2-help noarch 2.04-36.kb2.ky3_4
grub2-tools-efi x86_64 2.04-36.kb2.ky3_4
grub2-efi-ia32-cdboot x86_64 2.04-36.kb2.ky3_4
grub2-tools-minimal x86_64 2.04-36.kb2.ky3_4
grub2-tools x86_64 2.04-36.kb2.ky3_4
grub2-efi-ia32 x86_64 2.04-36.kb2.ky3_4
grub2-efi-x64 x86_64 2.04-36.kb2.ky3_4
grub2-efi-x64-cdboot x86_64 2.04-36.kb2.ky3_4
grub2-pc x86_64 2.04-36.kb2.ky3_4
grub2-tools-extra x86_64 2.04-36.kb2.ky3_4
grub2-tools-extra aarch64 2.04-36.kb2.ky3_4
grub2-tools aarch64 2.04-36.kb2.ky3_4
grub2-efi-aa64 aarch64 2.04-36.kb2.ky3_4
grub2-efi-aa64-cdboot aarch64 2.04-36.kb2.ky3_4
grub2-tools-minimal aarch64 2.04-36.kb2.ky3_4

KY3.5.2

Package name Architecture Version
grub2-common noarch 2.06-38.ky3_5.kb24
grub2-efi-x64-modules noarch 2.06-38.ky3_5.kb24
grub2-pc-modules noarch 2.06-38.ky3_5.kb24
grub2-efi-aa64-modules noarch 2.06-38.ky3_5.kb24
grub2-efi-ia32-modules noarch 2.06-38.ky3_5.kb24
grub2-help noarch 2.06-38.ky3_5.kb24
grub2-tools-efi x86_64 2.06-38.ky3_5.kb24
grub2-tools x86_64 2.06-38.ky3_5.kb24
grub2-efi-ia32-cdboot x86_64 2.06-38.ky3_5.kb24
grub2-efi-x64-cdboot x86_64 2.06-38.ky3_5.kb24
grub2-efi-ia32 x86_64 2.06-38.ky3_5.kb24
grub2-pc x86_64 2.06-38.ky3_5.kb24
grub2-tools-extra x86_64 2.06-38.ky3_5.kb24
grub2-efi-x64 x86_64 2.06-38.ky3_5.kb24
grub2-tools-minimal x86_64 2.06-38.ky3_5.kb24
grub2-tools-minimal aarch64 2.06-38.ky3_5.kb24
grub2-tools aarch64 2.06-38.ky3_5.kb24
grub2-efi-aa64-cdboot aarch64 2.06-38.ky3_5.kb24
grub2-tools-extra aarch64 2.06-38.ky3_5.kb24
grub2-efi-aa64 aarch64 2.06-38.ky3_5.kb24

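5. Remediation


Method 1: Download the packages and upgrade manually
1. Download the required upgrade package from the download links and save it, e.g. xxx.rpm
2. Upgrade with the rpm command, e.g. rpm -Uvh xxx.rpm

Method 2: Upgrade from the software repository
1. Make sure the system can reach the Internet
2. Upgrade the specified package with the yum command, e.g. yum install package-name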
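
A post-upgrade check for either method, added here as an example (not part of the original advisory): it compares installed grub2 packages against the fixed builds listed in section 4. The function names, the constructed sample input, and the use of GNU `sort -V` as an approximation of rpm's version ordering are assumptions of this example.

```shell
#!/bin/sh
# Fixed grub2 version-release per product, copied from section 4 of the advisory.
fixed_for() {
    case "$1" in
        KY3.5.1)           echo "2.06-38.kb2.ky3_5" ;;
        KY3.5.2)           echo "2.06-38.ky3_5.kb24" ;;
        KY3.4-4A|KY3.4-5A) echo "2.04-36.kb2.ky3_4" ;;
        *) return 1 ;;
    esac
}

# ver_lt A B: true when A sorts strictly before B.
# Assumption: `sort -V` approximates rpm's ordering for these strings;
# rpm's own comparison is authoritative and the epoch field is ignored here.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_grub2 PRODUCT: reads "name version-release" lines on stdin and
# prints every grub2 package that is still below the fixed build.
check_grub2() {
    fixed=$(fixed_for "$1") || { echo "unknown product: $1" >&2; return 2; }
    while read -r name vr; do
        case "$name" in grub2-*) ;; *) continue ;; esac
        if ver_lt "$vr" "$fixed"; then
            echo "$name $vr < $fixed"
        fi
    done
}

# Constructed sample input (not taken from a real host).
SAMPLE='grub2-common 2.06-30.kb1.ky3_5
grub2-tools 2.06-38.kb2.ky3_5
kernel 5.10.0-1.ky3_5'

# On a real host, feed it the installed package list:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'grub2*' | check_grub2 KY3.5.1
```

Empty output means every installed grub2 package is at or above the fixed build for that product; any printed line names a package that still needs the upgrade.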

6. Download links

   

KY3.5.1:

x86_64:

     grub2-efi-x64-modules   

     grub2-efi-aa64-modules   

     grub2-efi-ia32-modules   

     grub2-common   

     grub2-help   

     grub2-pc-modules   

     grub2-tools-extra   

     grub2-efi-x64-cdboot   

     grub2-efi-ia32-cdboot   

     grub2-tools-minimal   

     grub2-efi-x64   

     grub2-tools-efi   

     grub2-efi-ia32   

     grub2-tools   

     grub2-pc   

aarch64:

     grub2-efi-x64-modules   

     grub2-efi-aa64-modules   

     grub2-efi-ia32-modules   

     grub2-common   

     grub2-help   

     grub2-pc-modules   

     grub2-efi-aa64   

     grub2-tools-extra   

     grub2-tools-minimal   

     grub2-tools   

     grub2-efi-aa64-cdboot   

KY3.4-4A:

x86_64:

     grub2-efi-aa64-modules   

     grub2-efi-ia32-modules   

     grub2-pc-modules   

     grub2-help   

     grub2-efi-x64-modules   

     grub2-common   

     grub2-efi-x64-cdboot   

     grub2-tools-minimal   

     grub2-tools-extra   

     grub2-efi-ia32   

     grub2-pc   

     grub2-efi-x64   

     grub2-tools   

     grub2-tools-efi   

     grub2-efi-ia32-cdboot   

aarch64:

     grub2-efi-aa64-modules   

     grub2-efi-ia32-modules   

     grub2-pc-modules   

     grub2-help   

     grub2-efi-x64-modules   

     grub2-common   

     grub2-tools-minimal   

     grub2-efi-aa64   

     grub2-tools-extra   

     grub2-efi-aa64-cdboot   

     grub2-tools   

KY3.4-5A:

x86_64:

     grub2-efi-x64-modules   

     grub2-pc-modules   

     grub2-efi-aa64-modules   

     grub2-efi-ia32-modules   

     grub2-common   

     grub2-help   

     grub2-tools-efi   

     grub2-efi-ia32-cdboot   

     grub2-tools-minimal   

     grub2-tools   

     grub2-efi-ia32   

     grub2-efi-x64   

     grub2-efi-x64-cdboot   

     grub2-pc   

     grub2-tools-extra   

aarch64:

     grub2-efi-x64-modules   

     grub2-pc-modules   

     grub2-efi-aa64-modules   

     grub2-efi-ia32-modules   

     grub2-common   

     grub2-help   

     grub2-tools-extra   

     grub2-tools   

     grub2-efi-aa64   

     grub2-efi-aa64-cdboot   

     grub2-tools-minimal   

KY3.5.2:

x86_64:

     grub2-common   

     grub2-efi-x64-modules   

     grub2-pc-modules   

     grub2-efi-aa64-modules   

     grub2-efi-ia32-modules   

     grub2-help   

     grub2-tools-efi   

     grub2-tools   

     grub2-efi-ia32-cdboot   

     grub2-efi-x64-cdboot   

     grub2-efi-ia32   

     grub2-pc   

     grub2-tools-extra   

     grub2-efi-x64   

     grub2-tools-minimal   

aarch64:

     grub2-common   

     grub2-efi-x64-modules   

     grub2-pc-modules   

     grub2-efi-aa64-modules   

     grub2-efi-ia32-modules   

     grub2-help   

     grub2-tools-minimal   

     grub2-tools   

     grub2-efi-aa64-cdboot   

     grub2-tools-extra   

     grub2-efi-aa64   
