Out-of-Bounds Write Vulnerability in Grub2 Affects Red Hat Products
CVE-2024-45774
6.7 MEDIUM
Summary
A vulnerability exists in the JPEG parser of the Grub2 bootloader. When parsing a specially crafted JPEG file, the parser does not properly check the boundaries of its internal buffers, which results in an out-of-bounds write. An attacker could use this to overwrite sensitive data. The direct impact on secure boot protections requires further analysis, but the risk of unauthorized access to critical information is a significant concern for users who rely on Grub2 in their systems.
CVSS V3.1
Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved