PT-2025-6689 · Grub2+7

Published 2025-02-18 · Updated 2025-10-17 · CVE-2024-45776

CVSS v2.0: 6.8 Medium

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GRUB2 (affected versions not specified)

Description

The issue arises when reading the language .mo file in `grub_mofile_open()`, where GRUB2 fails to check for an integer overflow when allocating its internal buffer. A crafted .mo file may cause the buffer size calculation to overflow, resulting in out-of-bounds reads and writes. This allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2025:16154
ALSA-2025:6990
ALT-PU-2025-5587
ALT-PU-2025-6088
AZL-56928
AZL-56989
BDU:2025-02218
CVE-2024-45776
INFSA-2025_6990
OESA-2025-1216
OESA-2025-1217
OESA-2025-1218
OESA-2025-1291
OESA-2025-1292
OPENSUSE-SU-2025:14822-1
OPENSUSE-SU-2025_0586-1
OPENSUSE-SU-2025_0587-1
OPENSUSE-SU-2025_0588-1
OPENSUSE-SU-2025_0607-1
RHSA-2025:16154
RHSA-2025:6990
RHSA-2025_6990
SUSE-SU-2025:01961-1
SUSE-SU-2025:0586-1
SUSE-SU-2025:0587-1
SUSE-SU-2025:0588-1
SUSE-SU-2025:0607-1
SUSE-SU-2025:0629-1
SUSE-SU-2025:20511-1
SUSE-SU-2025:20863-1
SUSE-SU-2025_0586-1
SUSE-SU-2025_0587-1
SUSE-SU-2025_0588-1
SUSE-SU-2025_0607-1
SUSE-SU-2025_0629-1

Affected Products

Alt Linux
Almalinux
Debian
Grub2
Red Hat
Red Os
Rocky Linux
Suse