HFS+ Filesystem Driver Flaw in GRUB2 Affects Red Hat Linux
CVE-2024-45783

4.4MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Openshift Container Platform 4
Vendor: CVE Published:; 18 February 2025

Summary

A vulnerability has been identified in the HFS+ filesystem driver of GRUB2, where the failure to mount an HFS+ filesystem does not correctly handle the ERRNO value. This oversight can lead to a NULL pointer access, potentially resulting in unexpected behavior or crashes in systems that rely on this driver. Affected users should evaluate their systems for updates and consider the implications of this flaw on their operations.

References

https://access.redhat.com/security/cve/CVE-2024-45783

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2345863

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Sep 8, 2024