Out-of-Bound Write Vulnerability in Grub2 by Red Hat
CVE-2024-45777
6.7 MEDIUM
Summary
A flaw in Grub2 affects the calculation of the translation buffer when processing language .mo files. The issue is in the grub_gettext_getstr_from_position() function and may lead to an out-of-bounds write. This vulnerability allows attackers to manipulate Grub2's sensitive heap data, posing a risk of circumventing Secure Boot protections. Users should address this vulnerability immediately to safeguard against unauthorized access and system compromise.
CVSS V3.1
Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved