PT-2025-6690 · Grub2+7 · Grub2+7

Published

2025-02-11

Updated

2025-10-17

CVE-2024-45781

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions grub2 (affected versions not specified)

Description A defect was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. This lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2025:16154

ALSA-2025:6990

ALT-PU-2025-5587

ALT-PU-2025-6088

AZL-56970

AZL-57064

BDU:2025-03834

CVE-2024-45781

INFSA-2025_6990

OESA-2025-1216

OESA-2025-1217

OESA-2025-1218

OESA-2025-1291

OESA-2025-1292

OPENSUSE-SU-2025:14822-1

OPENSUSE-SU-2025_0586-1

OPENSUSE-SU-2025_0587-1

OPENSUSE-SU-2025_0588-1

OPENSUSE-SU-2025_0607-1

RHSA-2025:16154

RHSA-2025:6990

RHSA-2025_6990

SUSE-SU-2025:01961-1

SUSE-SU-2025:0586-1

SUSE-SU-2025:0587-1

SUSE-SU-2025:0588-1

SUSE-SU-2025:0607-1

SUSE-SU-2025:0629-1

SUSE-SU-2025:20511-1

SUSE-SU-2025:20863-1

SUSE-SU-2025_0586-1

SUSE-SU-2025_0587-1

SUSE-SU-2025_0588-1

SUSE-SU-2025_0607-1

SUSE-SU-2025_0629-1

Affected Products

Alt Linux

Almalinux

Debian

Red Hat

Red Os

Rocky Linux

Suse

Grub2

PT-2025-6690 · Grub2+7 · Grub2+7

CVE-2024-45781

Weakness Enumeration

Related Identifiers

Affected Products

References · 161