PT-2025-7461 · Grub2+8 · Grub2+8

Published

2025-02-18

·

Updated

2025-10-17

·

CVE-2025-0677

CVSS v2.0

6.8

Medium

VectorAV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions grub2 (affected versions not specified)
Description A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub ufs lookup symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to bypass secure boot mechanisms.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2025:16154
ALSA-2025:6990
ALT-PU-2025-5587
ALT-PU-2025-6088
AZL-56919
AZL-57007
BDU:2025-07124
CVE-2025-0677
INFSA-2025_6990
OESA-2025-1216
OESA-2025-1217
OESA-2025-1218
OESA-2025-1232
OESA-2025-1233
OPENSUSE-SU-2025:14822-1
OPENSUSE-SU-2025_0586-1
OPENSUSE-SU-2025_0587-1
OPENSUSE-SU-2025_0588-1
OPENSUSE-SU-2025_0607-1
RHSA-2025:16154
RHSA-2025:6990
RHSA-2025_6990
SUSE-SU-2025:01961-1
SUSE-SU-2025:0586-1
SUSE-SU-2025:0587-1
SUSE-SU-2025:0588-1
SUSE-SU-2025:0607-1
SUSE-SU-2025:0629-1
SUSE-SU-2025:20511-1
SUSE-SU-2025:20863-1
SUSE-SU-2025_0586-1
SUSE-SU-2025_0587-1
SUSE-SU-2025_0588-1
SUSE-SU-2025_0607-1
SUSE-SU-2025_0629-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Red Hat
Red Os
Rocky Linux
Suse
Grub2