Integer Overflow Vulnerability in BFS File System Driver in grub2
CVE-2024-45779

6MEDIUM

Key Information:

Vendor
Gnu
Status
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Vendor
CVE Published:
3 March 2025

Summary

An integer overflow vulnerability exists within the BFS file system driver of grub2. This flaw can occur when the driver processes a file with an indirect extent map, as it does not adequately verify the number of extent entries before reading. If exploited, it may allow a specially crafted or corrupted BFS filesystem to induce an integer overflow during file reading operations. The repercussions include potential leakage of sensitive data or a crash of the grub2 application, posing significant risks to systems relying on this driver.

References

https://access.redhat.com/security/cve/CVE-2024-45779
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2345854
issue-trackingx_refsource_REDHAT
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg...

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.