VDB

CISA-2024-45781

CISA-2024-45781 PUBLISHED CVSS 6.7 MEDIUM

Reported by redhat · Published February 18, 2025

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.

Risk Scores

CVSS 3.1
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
0
Red HatRed Hat Enterprise Linux 101:2.12-15.el10_0
Red HatRed Hat Enterprise Linux 91:2.06-104.el9_6
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat Enterprise Linux 101:2.12-15.el10_0, 1:2.12-15.el10_0
Red HatRed Hat Enterprise Linux 9*, 1:2.06-104.el9_6
Red HatRed Hat Enterprise Linux 7
0, 0
Red HatRed Hat Enterprise Linux 8

Timeline

  • Feb 18, 2025 CVE Published
  • Jan 29, 2026 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›