CVE-2024-45777

EUVD-2025-4668
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Affected Products (NVD)
VendorProductVersion
gnugrub2
𝑥
≤ 2.12
redhatopenshift
4.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
grub2
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
2.14~git20250718.0e36779-2
fixed
sid
2.14~git20250718.0e36779-2
fixed
trixie
2.12-9
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
grub2
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
oracular
not-affected
plucky
not-affected
questing
not-affected
trusty
ignored
xenial
not-affected
grub2-unsigned
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
grub2-signed
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
trusty
ignored
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
grub2
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-arm64-efi
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-i386-pc
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-powerpc-ieee1275
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-s390x-emu
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-snapper-plugin
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-systemd-sleep-plugin
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-x86_64-efi
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-x86_64-xen
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
grub2-common
RHEL 9
1:2.06-114.el9_7
fixed
grub2-efi-aa64
RHEL 9
1:2.06-114.el9_7
fixed
grub2-efi-aa64-cdboot
RHEL 9
1:2.06-114.el9_7
fixed
grub2-efi-aa64-modules
RHEL 9
1:2.06-114.el9_7
fixed
grub2-efi-x64
RHEL 9
1:2.06-114.el9_7
fixed
grub2-efi-x64-cdboot
RHEL 9
1:2.06-114.el9_7
fixed
grub2-efi-x64-modules
RHEL 9
1:2.06-114.el9_7
fixed
grub2-pc
RHEL 9
1:2.06-114.el9_7
fixed
grub2-pc-modules
RHEL 9
1:2.06-114.el9_7
fixed
grub2-ppc64le
RHEL 9
1:2.06-114.el9_7
fixed
grub2-ppc64le-modules
RHEL 9
1:2.06-114.el9_7
fixed
grub2-tools
RHEL 9
1:2.06-114.el9_7
fixed
grub2-tools-efi
RHEL 9
1:2.06-114.el9_7
fixed
grub2-tools-extra
RHEL 9
1:2.06-114.el9_7
fixed
grub2-tools-minimal
RHEL 9
1:2.06-114.el9_7
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:20532
https://access.redhat.com/security/cve/CVE-2024-45777
https://bugzilla.redhat.com/show_bug.cgi?id=2346343