CVE-2024-45775

EUVD-2025-4780
A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.2 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Debian logo
Debian Releases
Debian Product
Codename
grub2
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
2.14~git20250718.0e36779-2
fixed
sid
2.14~git20250718.0e36779-2
fixed
trixie
2.12-9
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
grub2
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
oracular
not-affected
plucky
not-affected
questing
not-affected
trusty
ignored
xenial
not-affected
grub2-unsigned
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
grub2-signed
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
trusty
ignored
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
grub2
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-arm64-efi
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-i386-pc
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-powerpc-ieee1275
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-s390x-emu
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-snapper-plugin
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-systemd-sleep-plugin
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-x86_64-efi
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-x86_64-xen
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
grub2-common
RHEL 9
1:2.06-104.el9_6
fixed
grub2-efi-aa64
RHEL 9
1:2.06-104.el9_6
fixed
grub2-efi-aa64-cdboot
RHEL 9
1:2.06-104.el9_6
fixed
grub2-efi-aa64-modules
RHEL 9
1:2.06-104.el9_6
fixed
grub2-efi-x64
RHEL 9
1:2.06-104.el9_6
fixed
grub2-efi-x64-cdboot
RHEL 9
1:2.06-104.el9_6
fixed
grub2-efi-x64-modules
RHEL 9
1:2.06-104.el9_6
fixed
grub2-pc
RHEL 9
1:2.06-104.el9_6
fixed
grub2-pc-modules
RHEL 9
1:2.06-104.el9_6
fixed
grub2-ppc64le
RHEL 9
1:2.06-104.el9_6
fixed
grub2-ppc64le-modules
RHEL 9
1:2.06-104.el9_6
fixed
grub2-tools
RHEL 9
1:2.06-104.el9_6
fixed
grub2-tools-efi
RHEL 9
1:2.06-104.el9_6
fixed
grub2-tools-extra
RHEL 9
1:2.06-104.el9_6
fixed
grub2-tools-minimal
RHEL 9
1:2.06-104.el9_6
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:6990
https://access.redhat.com/security/cve/CVE-2024-45775
https://bugzilla.redhat.com/show_bug.cgi?id=2337481