CVE-2024-45781

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:16154
https://access.redhat.com/errata/RHSA-2025:6990
https://access.redhat.com/security/cve/CVE-2024-45781
https://bugzilla.redhat.com/show_bug.cgi?id=2345857

Configurations

No configuration.

History

18 Sep 2025, 09:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:16154 -

13 May 2025, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:6990 -

24 Feb 2025, 19:15

Type	Values Removed	Values Added
CWE		CWE-787
Summary		(es) Se encontró un defecto en Grub2. Al leer el nombre de un enlace simbólico de un sistema de archivos UFS, Grub2 no puede validar la longitud de la cadena tomada como una entrada. La falta de validación puede conducir a un montón fuera de los límites Escribir, causando problemas de integridad de datos y eventualmente permitiendo que un atacante elude las protecciones seguras de arranque.

18 Feb 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-18 20:15

Updated : 2025-09-18 09:15

NVD link : CVE-2024-45781

Mitre link : CVE-2024-45781

CVE.ORG link : CVE-2024-45781

JSON object : View

Products Affected

No product.

CWE

CWE-787

Out-of-bounds Write

6.7 /10