Stack Overflow Vulnerability in Grub2 Affects Red Hat Products
CVE-2024-45778

5.5MEDIUM

Key Information:

Vendor: Gnu
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 3 March 2025

Summary

A stack overflow vulnerability has been identified in Grub2 when processing files from a Broken File System (BFS). An attacker could craft a malicious BFS filesystem that triggers an uncontrolled loop within Grub2, leading to application crashes. This flaw could disrupt system operations, making it imperative for users to apply security updates and mitigate potential impacts on system stability.

References

https://access.redhat.com/security/cve/CVE-2024-45778

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2345640

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Sep 8, 2024