Heap-based Out-of-Bounds Vulnerability in HFS Filesystem Affecting GRUB
CVE-2024-45782
7.8HIGH
What is CVE-2024-45782?
A vulnerability exists in the HFS filesystem driver that compromises data integrity by allowing insufficient validation of user-supplied volume names. When the GRUB filesystem mounts an HFS volume, it improperly uses a strcpy() function to handle the volume name, which can lead to a heap-based out-of-bounds write. This flaw could allow attackers to manipulate sensitive data and potentially bypass secure boot protections, posing significant security risks.