Integer Overflow Vulnerability in BFS File System Driver in grub2
CVE-2024-45779

6 MEDIUM

Key Information:

Vendor
GNU
CVE Published:
3 March 2025

Summary

An integer overflow vulnerability exists in the BFS file system driver of grub2. When the driver reads a file with an indirect extent map, it does not adequately verify the number of extent entries before reading them. A specially crafted or corrupted BFS filesystem can therefore trigger an integer overflow during file reading operations, which may leak sensitive data or crash grub2, posing significant risk to systems that rely on this driver.

References

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
