VDB
CISA-2024-45781
CISA-2024-45781
PUBLISHED
CVSS 6.7 MEDIUM
Reported by redhat · Published February 18, 2025
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
Risk Scores
CVSS 3.1
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 0 | ||
| Red Hat | Red Hat Enterprise Linux 10 | 1:2.12-15.el10_0 |
| Red Hat | Red Hat Enterprise Linux 9 | 1:2.06-104.el9_6 |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| Red Hat | Red Hat Enterprise Linux 10 | 1:2.12-15.el10_0, 1:2.12-15.el10_0 |
| Red Hat | Red Hat Enterprise Linux 9 | *, 1:2.06-104.el9_6 |
| Red Hat | Red Hat Enterprise Linux 7 | |
| 0, 0 | ||
| Red Hat | Red Hat Enterprise Linux 8 |
Timeline
- Feb 18, 2025 CVE Published
- Jan 29, 2026 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
References
- RHSA-2025:16154 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:6990 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2345857 issue-trackingx_refsource_REDHAT