PT-2024-9919 · Gnu Grub+5

Jbo +1 · Published 2024-12-26 · Updated 2025-10-17 · CVE-2024-56737

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GNU GRUB (aka GRUB2) versions through 2.12

Description

The issue is a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is related to the HFS File System Handler component of the GRUB2 bootloader.

Recommendations

As a temporary workaround, consider disabling the fs/hfs.c module until a patch is available. Restrict access to HFS filesystems to minimize the risk of exploitation. Avoid using crafted sblock data in HFS filesystems until the issue is resolved. Update to a version later than 2.12 once it is available.

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2025-5587
ALT-PU-2025-6088
AZL-54683
AZL-54712
BDU:2025-00028
CVE-2024-56737
MGASA-2025-0116
OESA-2025-1216
OESA-2025-1217
OESA-2025-1218
OESA-2025-1232
OESA-2025-1233
OPENSUSE-SU-2025:14822-1
OPENSUSE-SU-2025_0586-1
OPENSUSE-SU-2025_0587-1
OPENSUSE-SU-2025_0588-1
OPENSUSE-SU-2025_0607-1
SUSE-SU-2025:01961-1
SUSE-SU-2025:0586-1
SUSE-SU-2025:0587-1
SUSE-SU-2025:0588-1
SUSE-SU-2025:0607-1
SUSE-SU-2025:0629-1
SUSE-SU-2025:20511-1
SUSE-SU-2025:20863-1
SUSE-SU-2025_0586-1
SUSE-SU-2025_0587-1
SUSE-SU-2025_0588-1
SUSE-SU-2025_0607-1
SUSE-SU-2025_0629-1

Affected Products

Alt Linux
Astra Linux
Debian
Gnu Grub
Red Os
Suse