Heap-based Out-of-Bounds Vulnerability in HFS Filesystem Affecting GRUB
CVE-2024-45782
7.8HIGH
Summary
A vulnerability exists in the HFS filesystem driver that compromises data integrity by allowing insufficient validation of user-supplied volume names. When the GRUB filesystem mounts an HFS volume, it improperly uses a strcpy() function to handle the volume name, which can lead to a heap-based out-of-bounds write. This flaw could allow attackers to manipulate sensitive data and potentially bypass secure boot protections, posing significant security risks.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved