Memory Allocation Flaw in Grub2 Affects Red Hat Products
CVE-2024-45775

5.2MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Openshift Container Platform 4
Vendor: CVE Published:; 18 February 2025

Summary

A memory allocation flaw has been identified in Grub2, specifically in the grub_extcmd_dispatcher() function. This flaw arises when grub_arg_list_alloc() is invoked for memory allocation without adequate checks for allocation failure. In instances where memory allocation does not succeed, the resulting NULL pointer is processed by the parse_option() function, potentially leading to system crashes or, in rare cases, corruption of the Interrupt Vector Table (IVT) data. This vulnerability emphasizes the necessity for proper memory management and error handling in critical system components.

References

https://access.redhat.com/security/cve/CVE-2024-45775

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2337481

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Sep 8, 2024