Heap Out-of-Bounds Write Vulnerability in Grub2 by Red Hat
CVE-2024-45781

6.7MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Openshift Container Platform 4
Vendor: CVE Published:; 18 February 2025

Summary

A significant vulnerability exists in Grub2 where the software improperly validates the length of symbolic link names sourced from a UFS filesystem. This failure to validate input string lengths can lead to a heap out-of-bounds write. As a result, this flaw may cause data integrity issues and allow attackers to bypass secure boot mechanisms, posing serious security risks to affected systems.

References

https://access.redhat.com/security/cve/CVE-2024-45781

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2345857

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Sep 8, 2024