Grub2
by Rhboot
Source repositories
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0624 | Hig | 0.50 | 7.6 | 0.01 | Feb 19, 2025 | A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the… | ||
| CVE-2023-4692 | Hig | 0.49 | 7.5 | 0.01 | Oct 25, 2023 | An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap… | ||
| CVE-2024-49504 | Hig | 0.46 | — | 0.00 | Nov 13, 2024 | grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. | ||
| CVE-2024-45780 | Med | 0.44 | 6.7 | 0.00 | Mar 3, 2025 | A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file,… | ||
| CVE-2024-45777 | Med | 0.44 | 6.7 | 0.00 | Feb 19, 2025 | A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data,… | ||
| CVE-2024-45781 | Med | 0.44 | 6.7 | 0.00 | Feb 18, 2025 | A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to… | ||
| CVE-2024-45776 | Med | 0.44 | 6.7 | 0.00 | Feb 18, 2025 | When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to… | ||
| CVE-2025-0686 | Med | 0.42 | 6.4 | 0.00 | Mar 3, 2025 | A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A… | ||
| CVE-2025-0685 | Med | 0.42 | 6.4 | 0.00 | Mar 3, 2025 | A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted… | ||
| CVE-2025-0684 | Med | 0.42 | 6.4 | 0.00 | Mar 3, 2025 | A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly… | ||
| CVE-2024-45779 | Med | 0.39 | 6.0 | 0.00 | Mar 3, 2025 | An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file… | ||
| CVE-2024-45775 | Med | 0.34 | 5.2 | 0.00 | Feb 18, 2025 | A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the… | ||
| CVE-2025-61664 | Med | 0.32 | 4.9 | 0.00 | Nov 18, 2025 | A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking… |
- risk 0.50cvss 7.6epss 0.01
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the…
- risk 0.49cvss 7.5epss 0.01
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap…
- risk 0.46cvss —epss 0.00
grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
- risk 0.44cvss 6.7epss 0.00
A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file,…
- risk 0.44cvss 6.7epss 0.00
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data,…
- risk 0.44cvss 6.7epss 0.00
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to…
- risk 0.44cvss 6.7epss 0.00
When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to…
- risk 0.42cvss 6.4epss 0.00
A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A…
- risk 0.42cvss 6.4epss 0.00
A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted…
- risk 0.42cvss 6.4epss 0.00
A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly…
- risk 0.39cvss 6.0epss 0.00
An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file…
- risk 0.34cvss 5.2epss 0.00
A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the…
- risk 0.32cvss 4.9epss 0.00
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking…