PT-2025-18040 · Unknown · Refindplus
Micromilo · Published 2025-04-28 · Updated 2025-04-28
CVE-2025-4002
CVSS v4.0: 6.8 (Medium)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
RefindPlus versions 0.14.2.AB
Description
A vulnerability was found in RefindPlus, classified as problematic. The issue affects the GetDebugLogFile function of the file Library/MemLogLib/BootLog.c, leading to a null pointer dereference. A local attack is required to exploit this issue.
Recommendations
For version 0.14.2.AB, apply the patch identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2 to fix this issue. As a temporary workaround, consider disabling the GetDebugLogFile function until the patch is applied.
Fix
Improper Resource Release
NULL Pointer Dereference
Related Identifiers
Affected Products
Refindplus