CVE-2024-45781

Feb. 24, 2025, 7:15 p.m.

6.7
Medium

Description

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.

Product(s) Impacted

Product Versions
GRUB2

Weaknesses

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References

https://access.redhat.com/security/cve/CVE-2024-45781
https://bugzilla.redhat.com/show_bug.cgi?id=2345857

Tags

secalert@redhat.com
CWE-787
2025-02-18
CVE-2024-45781

CVSS Score

6.7 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Date

  • Published: Feb. 18, 2025, 8:15 p.m.
  • Last Modified: Feb. 24, 2025, 7:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.