CVE-2025-0690

EUVD-2025-4377

24.02.2025, 08:15

The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.1 MEDIUM	PHYSICAL	LOW	HIGH	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

grub2

bookworm	2.06-13+deb12u2 fixed
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	2.14-2 fixed
sid	2.14-2 fixed
trixie	2.12-9+deb13u2 fixed

openSUSE / SLES Releases

openSUSE Product

Release

grub2

suse enterprise desktop 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise desktop 15 SP7	2.12-150700.17.4 fixed
suse enterprise sap 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise sap 15 SP7	2.12-150700.17.4 fixed
suse enterprise server 12 SP3	2.02-150.1 fixed
suse enterprise server 12 SP5	2.02-181.2 fixed
suse enterprise server 15 SP3	2.04-150300.22.52.3 fixed
suse enterprise server 15 SP4	2.06-150400.11.55.2 fixed
suse enterprise server 15 SP5	2.06-150500.29.43.2 fixed
suse enterprise server 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise server 15 SP7	2.12-150700.17.4 fixed

grub2-arm64-efi

suse enterprise desktop 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise desktop 15 SP7	2.12-150700.17.4 fixed
suse enterprise sap 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise sap 15 SP7	2.12-150700.17.4 fixed
suse enterprise server 12 SP5	2.02-181.2 fixed
suse enterprise server 15 SP3	2.04-150300.22.52.3 fixed
suse enterprise server 15 SP4	2.06-150400.11.55.2 fixed
suse enterprise server 15 SP5	2.06-150500.29.43.2 fixed
suse enterprise server 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise server 15 SP7	2.12-150700.17.4 fixed

grub2-i386-pc

suse enterprise desktop 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise desktop 15 SP7	2.12-150700.17.4 fixed
suse enterprise sap 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise sap 15 SP7	2.12-150700.17.4 fixed
suse enterprise server 12 SP3	2.02-150.1 fixed
suse enterprise server 12 SP5	2.02-181.2 fixed
suse enterprise server 15 SP3	2.04-150300.22.52.3 fixed
suse enterprise server 15 SP4	2.06-150400.11.55.2 fixed
suse enterprise server 15 SP5	2.06-150500.29.43.2 fixed
suse enterprise server 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise server 15 SP7	2.12-150700.17.4 fixed

grub2-powerpc-ieee1275

suse enterprise desktop 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise desktop 15 SP7	2.12-150700.17.4 fixed
suse enterprise sap 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise sap 15 SP7	2.12-150700.17.4 fixed
suse enterprise server 12 SP5	2.02-181.2 fixed
suse enterprise server 15 SP3	2.04-150300.22.52.3 fixed
suse enterprise server 15 SP4	2.06-150400.11.55.2 fixed
suse enterprise server 15 SP5	2.06-150500.29.43.2 fixed
suse enterprise server 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise server 15 SP7	2.12-150700.17.4 fixed

grub2-s390x-emu

suse enterprise desktop 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise desktop 15 SP7	2.12-150700.17.4 fixed
suse enterprise sap 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise sap 15 SP7	2.12-150700.17.4 fixed
suse enterprise server 12 SP5	2.02-181.2 fixed
suse enterprise server 15 SP3	2.04-150300.22.52.3 fixed
suse enterprise server 15 SP4	2.06-150400.11.55.2 fixed
suse enterprise server 15 SP5	2.06-150500.29.43.2 fixed
suse enterprise server 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise server 15 SP7	2.12-150700.17.4 fixed

grub2-snapper-plugin

suse enterprise desktop 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise desktop 15 SP7	2.12-150700.17.4 fixed
suse enterprise sap 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise sap 15 SP7	2.12-150700.17.4 fixed
suse enterprise server 12 SP3	2.02-150.1 fixed
suse enterprise server 12 SP5	2.02-181.2 fixed
suse enterprise server 15 SP3	2.04-150300.22.52.3 fixed
suse enterprise server 15 SP4	2.06-150400.11.55.2 fixed
suse enterprise server 15 SP5	2.06-150500.29.43.2 fixed
suse enterprise server 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise server 15 SP7	2.12-150700.17.4 fixed

grub2-systemd-sleep-plugin

suse enterprise desktop 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise desktop 15 SP7	2.12-150700.17.4 fixed
suse enterprise sap 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise sap 15 SP7	2.12-150700.17.4 fixed
suse enterprise server 12 SP3	2.02-150.1 fixed
suse enterprise server 12 SP5	2.02-181.2 fixed
suse enterprise server 15 SP3	2.04-150300.22.52.3 fixed
suse enterprise server 15 SP4	2.06-150400.11.55.2 fixed
suse enterprise server 15 SP5	2.06-150500.29.43.2 fixed
suse enterprise server 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise server 15 SP7	2.12-150700.17.4 fixed

grub2-x86_64-efi

suse enterprise desktop 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise desktop 15 SP7	2.12-150700.17.4 fixed
suse enterprise sap 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise sap 15 SP7	2.12-150700.17.4 fixed
suse enterprise server 12 SP3	2.02-150.1 fixed
suse enterprise server 12 SP5	2.02-181.2 fixed
suse enterprise server 15 SP3	2.04-150300.22.52.3 fixed
suse enterprise server 15 SP4	2.06-150400.11.55.2 fixed
suse enterprise server 15 SP5	2.06-150500.29.43.2 fixed
suse enterprise server 15 SP6	2.12-150600.8.18.2 fixed
suse enterprise server 15 SP7	2.12-150700.17.4 fixed

grub2-x86_64-xen

suse enterprise server 12 SP3	2.02-150.1 fixed
suse enterprise server 12 SP5	2.02-181.2 fixed
suse enterprise server 15 SP3	2.04-150300.22.52.3 fixed
suse enterprise server 15 SP4	2.06-150400.11.55.2 fixed
suse enterprise server 15 SP5	2.06-150500.29.43.2 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

grub2-common

RHEL 9

1:2.06-104.el9_6

fixed

grub2-efi-aa64

RHEL 9

1:2.06-104.el9_6

fixed

grub2-efi-aa64-cdboot

RHEL 9

1:2.06-104.el9_6

fixed

grub2-efi-aa64-modules

RHEL 9

1:2.06-104.el9_6

fixed

grub2-efi-x64

RHEL 9

1:2.06-104.el9_6

fixed

grub2-efi-x64-cdboot

RHEL 9

1:2.06-104.el9_6

fixed

grub2-efi-x64-modules

RHEL 9

1:2.06-104.el9_6

fixed

grub2-pc

RHEL 9

1:2.06-104.el9_6

fixed

grub2-pc-modules

RHEL 9

1:2.06-104.el9_6

fixed

grub2-ppc64le

RHEL 9

1:2.06-104.el9_6

fixed

grub2-ppc64le-modules

RHEL 9

1:2.06-104.el9_6

fixed

grub2-tools

RHEL 9

1:2.06-104.el9_6

fixed

grub2-tools-efi

RHEL 9

1:2.06-104.el9_6

fixed

grub2-tools-extra

RHEL 9

1:2.06-104.el9_6

fixed

grub2-tools-minimal

RHEL 9

1:2.06-104.el9_6

fixed

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://access.redhat.com/errata/RHSA-2025:6990

https://access.redhat.com/security/cve/CVE-2025-0690

https://bugzilla.redhat.com/show_bug.cgi?id=2346123

https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html