CVE-2025-1118

Feb. 19, 2025, 6:15 p.m.

4.4
Medium

Description

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.

Product(s) Impacted

Product Versions
grub2

Weaknesses

CWE-501
Trust Boundary Violation
The product mixes trusted and untrusted data in the same data structure or structured message.

References

https://access.redhat.com/security/cve/CVE-2025-1118
https://bugzilla.redhat.com/show_bug.cgi?id=2346137

Tags

secalert@redhat.com
CWE-501
2025-02-19
CVE-2025-1118

CVSS Score

4.4 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Date

  • Published: Feb. 19, 2025, 6:15 p.m.
  • Last Modified: Feb. 19, 2025, 6:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.