CVE-2024-45781
EUVD-2025-478618.02.2025, 20:15
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| grub2 |
| ||||||||||||||||||
| grub2-unsigned |
| ||||||||||||||||||
| grub2-signed |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| grub2 |
| ||||||||||||||||||||||
| grub2-arm64-efi |
| ||||||||||||||||||||||
| grub2-i386-pc |
| ||||||||||||||||||||||
| grub2-powerpc-ieee1275 |
| ||||||||||||||||||||||
| grub2-s390x-emu |
| ||||||||||||||||||||||
| grub2-snapper-plugin |
| ||||||||||||||||||||||
| grub2-systemd-sleep-plugin |
| ||||||||||||||||||||||
| grub2-x86_64-efi |
| ||||||||||||||||||||||
| grub2-x86_64-xen |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||
|---|---|---|---|
| grub2-common |
| ||
| grub2-efi-aa64 |
| ||
| grub2-efi-aa64-cdboot |
| ||
| grub2-efi-aa64-modules |
| ||
| grub2-efi-x64 |
| ||
| grub2-efi-x64-cdboot |
| ||
| grub2-efi-x64-modules |
| ||
| grub2-pc |
| ||
| grub2-pc-modules |
| ||
| grub2-ppc64le |
| ||
| grub2-ppc64le-modules |
| ||
| grub2-tools |
| ||
| grub2-tools-efi |
| ||
| grub2-tools-extra |
| ||
| grub2-tools-minimal |
|
Common Weakness Enumeration