Integer Overflow Vulnerability in BFS File System Driver in grub2
CVE-2024-45779
6 MEDIUM
Key Information:
- Vendor: Gnu
- CVE Published: 3 March 2025
Summary
An integer overflow vulnerability exists in the BFS file system driver of grub2. The flaw can occur when the driver processes a file with an indirect extent map, because it does not adequately verify the number of extent entries before reading them. A specially crafted or corrupted BFS filesystem can therefore induce an integer overflow during file reading operations. The consequences include potential leakage of sensitive data or a crash of grub2, posing significant risks to systems relying on this driver.
CVSS V3.1
- Score: 6
- Severity: MEDIUM
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
Timeline
- Vulnerability published
- Vulnerability reserved