rhsa-2025:6990
Vulnerability from csaf_redhat
Published
2025-05-13 08:36
Modified
2025-07-29 10:02
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: reader/jpeg: Heap OOB Write during JPEG parsing (CVE-2024-45774)
* grub2: commands/extcmd: Missing check for failed allocation (CVE-2024-45775)
* grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776)
* grub2: fs/ufs: OOB write in the heap (CVE-2024-45781)
* grub2: fs/hfs+: refcount can be decremented twice (CVE-2024-45783)
* grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622)
* grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677)
* grub2: read: Integer overflow may lead to out-of-bounds write (CVE-2025-0690)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grub2 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: reader/jpeg: Heap OOB Write during JPEG parsing (CVE-2024-45774)\n\n* grub2: commands/extcmd: Missing check for failed allocation (CVE-2024-45775)\n\n* grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776)\n\n* grub2: fs/ufs: OOB write in the heap (CVE-2024-45781)\n\n* grub2: fs/hfs+: refcount can be decremented twice (CVE-2024-45783)\n\n* grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622)\n\n* grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677)\n\n* grub2: read: Integer overflow may lead to out-of-bounds write (CVE-2025-0690)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:6990",
"url": "https://access.redhat.com/errata/RHSA-2025:6990"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.6_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.6_release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2337461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461"
},
{
"category": "external",
"summary": "2337481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337481"
},
{
"category": "external",
"summary": "2339182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339182"
},
{
"category": "external",
"summary": "2345857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345857"
},
{
"category": "external",
"summary": "2345863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345863"
},
{
"category": "external",
"summary": "2345865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345865"
},
{
"category": "external",
"summary": "2346116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346116"
},
{
"category": "external",
"summary": "2346123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123"
},
{
"category": "external",
"summary": "RHEL-25558",
"url": "https://issues.redhat.com/browse/RHEL-25558"
},
{
"category": "external",
"summary": "RHEL-61263",
"url": "https://issues.redhat.com/browse/RHEL-61263"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_6990.json"
}
],
"title": "Red Hat Security Advisory: grub2 security update",
"tracking": {
"current_release_date": "2025-07-29T10:02:16+00:00",
"generator": {
"date": "2025-07-29T10:02:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.5"
}
},
"id": "RHSA-2025:6990",
"initial_release_date": "2025-05-13T08:36:02+00:00",
"revision_history": [
{
"date": "2025-05-13T08:36:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-13T08:36:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-07-29T10:02:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.06-104.el9_6.src",
"product": {
"name": "grub2-1:2.06-104.el9_6.src",
"product_id": "grub2-1:2.06-104.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.06-104.el9_6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-common-1:2.06-104.el9_6.noarch",
"product": {
"name": "grub2-common-1:2.06-104.el9_6.noarch",
"product_id": "grub2-common-1:2.06-104.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-common@2.06-104.el9_6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"product": {
"name": "grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"product_id": "grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.06-104.el9_6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"product": {
"name": "grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"product_id": "grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.06-104.el9_6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-modules-1:2.06-104.el9_6.noarch",
"product": {
"name": "grub2-pc-modules-1:2.06-104.el9_6.noarch",
"product_id": "grub2-pc-modules-1:2.06-104.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc-modules@2.06-104.el9_6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"product": {
"name": "grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"product_id": "grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.06-104.el9_6?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"product": {
"name": "grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"product_id": "grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64@2.06-104.el9_6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"product": {
"name": "grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"product_id": "grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.06-104.el9_6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.06-104.el9_6.aarch64",
"product": {
"name": "grub2-tools-1:2.06-104.el9_6.aarch64",
"product_id": "grub2-tools-1:2.06-104.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.06-104.el9_6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"product": {
"name": "grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"product_id": "grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.06-104.el9_6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"product": {
"name": "grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"product_id": "grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.06-104.el9_6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.06-104.el9_6.aarch64",
"product": {
"name": "grub2-debugsource-1:2.06-104.el9_6.aarch64",
"product_id": "grub2-debugsource-1:2.06-104.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.06-104.el9_6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"product": {
"name": "grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"product_id": "grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.06-104.el9_6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"product": {
"name": "grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"product_id": "grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-104.el9_6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"product": {
"name": "grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"product_id": "grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-104.el9_6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"product_id": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-104.el9_6?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-104.el9_6?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-pc-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-pc-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-tools-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-tools-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-debugsource-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-debugsource-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-emu-debuginfo@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-104.el9_6?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"product": {
"name": "grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"product_id": "grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le@2.06-104.el9_6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.06-104.el9_6.ppc64le",
"product": {
"name": "grub2-tools-1:2.06-104.el9_6.ppc64le",
"product_id": "grub2-tools-1:2.06-104.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.06-104.el9_6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"product": {
"name": "grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"product_id": "grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.06-104.el9_6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"product": {
"name": "grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"product_id": "grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.06-104.el9_6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"product": {
"name": "grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"product_id": "grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.06-104.el9_6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"product_id": "grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.06-104.el9_6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"product": {
"name": "grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"product_id": "grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.06-104.el9_6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"product_id": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.06-104.el9_6?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"product_id": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.06-104.el9_6?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.06-104.el9_6.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src"
},
"product_reference": "grub2-1:2.06-104.el9_6.src",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.06-104.el9_6.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch"
},
"product_reference": "grub2-common-1:2.06-104.el9_6.noarch",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.06-104.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64"
},
"product_reference": "grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.06-104.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.06-104.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64"
},
"product_reference": "grub2-debugsource-1:2.06-104.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.06-104.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le"
},
"product_reference": "grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-debugsource-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-1:2.06-104.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64"
},
"product_reference": "grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64"
},
"product_reference": "grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.06-104.el9_6.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64"
},
"product_reference": "grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-pc-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.06-104.el9_6.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch"
},
"product_reference": "grub2-pc-modules-1:2.06-104.el9_6.noarch",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-1:2.06-104.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le"
},
"product_reference": "grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.06-104.el9_6.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.06-104.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64"
},
"product_reference": "grub2-tools-1:2.06-104.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.06-104.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le"
},
"product_reference": "grub2-tools-1:2.06-104.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-tools-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64"
},
"product_reference": "grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le"
},
"product_reference": "grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.06-104.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64"
},
"product_reference": "grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.06-104.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le"
},
"product_reference": "grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.06-104.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64"
},
"product_reference": "grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.06-104.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le"
},
"product_reference": "grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45774",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-01-13T22:37:58.096000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2337461"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: reader/jpeg: Heap OOB Write during JPEG parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has classified this vulnerability with a Moderate severity due to the high privileges needed to exploit this flaw. Additionally, the attack vector is considered local, further limiting exploitation of this issue.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-787: Out-of-bounds Write vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software settings, while least functionality reduces the attack surface by disabling unauthorized services and ports. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code exploiting out-of-bounds write vulnerabilities, using mechanisms such as file integrity monitoring and patch management. Robust input validation and error handling ensure all user inputs are thoroughly validated, preventing instability, data exposure, or privilege escalation. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against out-of-bounds write exploits.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45774"
},
{
"category": "external",
"summary": "RHBZ#2337461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45774"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
}
],
"release_date": "2025-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:36:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:6990"
},
{
"category": "workaround",
"details": "Do not process untrusted JPEG files with grub2.",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: reader/jpeg: Heap OOB Write during JPEG parsing"
},
{
"cve": "CVE-2024-45775",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2025-01-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2337481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub\u0027s argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: commands/extcmd: Missing check for failed allocation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has classified this vulnerability with a Moderate severity due to the high privileges needed to exploit this flaw. Additionally, the attack vector is considered local, further limiting exploitation of this issue.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-252: Unchecked Return Value vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nReturn values from critical operations are consistently evaluated through enforced development standards and automated static analysis, reducing the likelihood of logic flaws or silent failures reaching production. Error-handling routines are integrated into application behavior to ensure that failures are properly logged, traced, and contained, maintaining system stability under fault conditions. Additionally, the platform is designed to respond to errors predictably, preventing uncontrolled behavior and ensuring that processes fail in a known, recoverable state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45775"
},
{
"category": "external",
"summary": "RHBZ#2337481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45775"
}
],
"release_date": "2025-01-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:36:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:6990"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: commands/extcmd: Missing check for failed allocation"
},
{
"cve": "CVE-2024-45776",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-01-21T18:11:28.747000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339182"
}
],
"notes": [
{
"category": "description",
"text": "When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-787: Out-of-bounds Write vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software settings, while least functionality reduces the attack surface by disabling unauthorized services and ports. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code exploiting out-of-bounds write vulnerabilities, using mechanisms such as file integrity monitoring and patch management. Robust input validation and error handling ensure all user inputs are thoroughly validated, preventing instability, data exposure, or privilege escalation. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against out-of-bounds write exploits.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45776"
},
{
"category": "external",
"summary": "RHBZ#2339182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45776"
}
],
"release_date": "2025-02-18T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:36:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:6990"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read."
},
{
"cve": "CVE-2024-45781",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-02-14T21:31:44.750000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2345857"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in grub2. When reading a symbolic link\u0027s name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: fs/ufs: OOB write in the heap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-787: Out-of-bounds Write vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software settings, while least functionality reduces the attack surface by disabling unauthorized services and ports. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code exploiting out-of-bounds write vulnerabilities, using mechanisms such as file integrity monitoring and patch management. Robust input validation and error handling ensure all user inputs are thoroughly validated, preventing instability, data exposure, or privilege escalation. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against out-of-bounds write exploits.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45781"
},
{
"category": "external",
"summary": "RHBZ#2345857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345857"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45781"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45781",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45781"
}
],
"release_date": "2025-02-18T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:36:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:6990"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: fs/ufs: OOB write in the heap"
},
{
"cve": "CVE-2024-45783",
"cwe": {
"id": "CWE-911",
"name": "Improper Update of Reference Count"
},
"discovery_date": "2025-02-14T22:13:21.370000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2345863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn\u0027t properly set an ERRNO value. This issue may lead to a NULL pointer access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: fs/hfs+: refcount can be decremented twice",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45783"
},
{
"category": "external",
"summary": "RHBZ#2345863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45783"
}
],
"release_date": "2025-02-18T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:36:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:6990"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: fs/hfs+: refcount can be decremented twice"
},
{
"cve": "CVE-2025-0622",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-02-14T22:20:05.935000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2345865"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: command/gpg: Use-after-free due to hooks not being removed on module unload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated the security impact for this flaw as Moderate due to the high privileges needed and the complexity involved to exploit this vulnerability.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-416: Use After Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure that only authorized users and roles can execute or modify code. Red Hat also enforces least functionality, enabling only essential features, services, and ports. Hardening guidelines ensure the most restrictive settings required for operations, while baseline configurations enforce safe memory allocation and deallocation practices to reduce the risk of use-after-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code and provide real-time visibility into memory usage, lowering the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents a compromised process from accessing memory freed by another, containing potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-0622"
},
{
"category": "external",
"summary": "RHBZ#2345865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345865"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-0622",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0622"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-0622",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0622"
}
],
"release_date": "2025-02-18T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:36:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:6990"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: command/gpg: Use-after-free due to hooks not being removed on module unload"
},
{
"cve": "CVE-2025-0677",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-02-17T15:04:39.393000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2346116"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in grub2. When performing a symlink lookup, the grub\u0027s UFS module checks the inode\u0027s data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability with Moderate severity, as it requires high privileges to exploit.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-787: Out-of-bounds Write vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software settings, while least functionality reduces the attack surface by disabling unauthorized services and ports. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code exploiting out-of-bounds write vulnerabilities, using mechanisms such as file integrity monitoring and patch management. Robust input validation and error handling ensure all user inputs are thoroughly validated, preventing instability, data exposure, or privilege escalation. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against out-of-bounds write exploits.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-0677"
},
{
"category": "external",
"summary": "RHBZ#2346116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-0677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-0677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0677"
}
],
"release_date": "2025-02-18T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:36:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:6990"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks"
},
{
"cve": "CVE-2025-0690",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-02-17T15:37:14.300000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2346123"
}
],
"notes": [
{
"category": "description",
"text": "The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it\u0027s possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub\u0027s internal critical data and secure boot bypass is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: read: Integer overflow may lead to out-of-bounds write",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability with Moderate severity as it requires physical access and high privileges to exploit it.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-190: Integer Overflow or Wraparound leads to CWE-787: Out-of-bounds Write vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat follows best practices and federal requirements for least privilege, allowing only specific processes to run under isolated, task-specific accounts with limited permissions tailored to team and federal platform roles. The environment employs file integrity checks and malicious code protections\u2014including IPS/IDS and antimalware tools\u2014to detect and prevent buffer overflow exploitation. Robust input validation and error handling ensure all user inputs are thoroughly validated, preventing instability, data exposure, or privilege escalation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-0690"
},
{
"category": "external",
"summary": "RHBZ#2346123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-0690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0690"
},
{
"category": "external",
"summary": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html",
"url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
}
],
"release_date": "2025-02-18T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:36:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:6990"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.6.0.GA:grub2-1:2.06-104.el9_6.src",
"BaseOS-9.6.0.GA:grub2-common-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-debugsource-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-cdboot-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-efi-aa64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-efi-x64-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-cdboot-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-efi-x64-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-emu-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-pc-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-ppc64le-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-ppc64le-modules-1:2.06-104.el9_6.noarch",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-efi-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-extra-debuginfo-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-1:2.06-104.el9_6.x86_64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.aarch64",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.ppc64le",
"BaseOS-9.6.0.GA:grub2-tools-minimal-debuginfo-1:2.06-104.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: read: Integer overflow may lead to out-of-bounds write"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…