Heap-based Out-of-Bounds Vulnerability in HFS Filesystem Affecting GRUB
CVE-2024-45782

7.8HIGH

Key Information:

Vendor
Gnu
Vendor
CVE Published:
3 March 2025

Summary

A vulnerability exists in the HFS filesystem driver that compromises data integrity by allowing insufficient validation of user-supplied volume names. When the GRUB filesystem mounts an HFS volume, it improperly uses a strcpy() function to handle the volume name, which can lead to a heap-based out-of-bounds write. This flaw could allow attackers to manipulate sensitive data and potentially bypass secure boot protections, posing significant security risks.

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.