Integer Overflow Vulnerability in BFS File System Driver in grub2
CVE-2024-45779
6 MEDIUM
Key Information:
- Vendor: Gnu
- CVE Published: 3 March 2025
What is CVE-2024-45779?
An integer overflow vulnerability exists within the BFS file system driver of grub2. This flaw can occur when the driver processes a file with an indirect extent map, as it does not adequately verify the number of extent entries before reading. If exploited, it may allow a specially crafted or corrupted BFS filesystem to induce an integer overflow during file reading operations. The repercussions include potential leakage of sensitive data or a crash of the grub2 application, posing significant risks to systems relying on this driver.
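The following added example is not grub2's code. It is a simplified model of the kind of check the description says is missing: validating an extent entry count taken from disk before it is used to size a read. The struct layout, the 32-bit size arithmetic, the cap and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical on-disk extent entry (8 bytes); not grub2's actual struct. */
struct extent_entry {
    uint32_t group;
    uint16_t start;
    uint16_t len;
};

/* Hypothetical sanity cap on entries in one indirect extent map. */
#define MAX_EXTENT_ENTRIES 4096u

/* Unchecked: the 32-bit product wraps for large counts, so a caller would
   size its buffer from a tiny value and then walk `count` entries. */
static uint32_t extent_map_bytes_unchecked(uint32_t count)
{
    return count * (uint32_t)sizeof(struct extent_entry);
}

/* Checked: reject a count that is zero, above the cap, or larger than the
   on-disk region can hold, before any size is computed from it. */
static int extent_map_bytes_checked(uint32_t count, uint64_t region_bytes,
                                    size_t *out)
{
    if (count == 0 || count > MAX_EXTENT_ENTRIES)
        return -1;
    if (count > region_bytes / sizeof(struct extent_entry))
        return -1;
    *out = (size_t)count * sizeof(struct extent_entry);
    return 0;
}

int main(void)
{
    uint32_t crafted = 0x20000001u;   /* constructed count from a bad image */
    size_t bytes = 0;

    printf("unchecked size: %u bytes\n",
           (unsigned)extent_map_bytes_unchecked(crafted));
    if (extent_map_bytes_checked(crafted, 4096, &bytes) != 0)
        printf("checked: count rejected\n");
    if (extent_map_bytes_checked(4, 4096, &bytes) == 0)
        printf("checked: 4 entries -> %zu bytes\n", bytes);
    return 0;
}
```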