CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2025-0690 – Grub2: read: integer overflow may lead to out-of-bounds write
https://notcve.org/view.php?id=CVE-2025-0690
24 Feb 2025 — The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence. • https://access.redhat.com/security/cve/CVE-2025-0690 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-0677 – Grub2: ufs: integer overflow may lead to heap based out-of-bounds write when handling symlinks
https://notcve.org/view.php?id=CVE-2025-0677
19 Feb 2025 — A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malici... • https://access.redhat.com/security/cve/CVE-2025-0677 • CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 0%CPEs: 20EXPL: 0CVE-2025-0624 – Grub2: net: out-of-bounds write in grub_net_search_config_file()
https://notcve.org/view.php?id=CVE-2025-0624
19 Feb 2025 — A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot inf... • https://access.redhat.com/security/cve/CVE-2025-0624 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1118 – Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled
https://notcve.org/view.php?id=CVE-2025-1118
19 Feb 2025 — A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory. • https://access.redhat.com/security/cve/CVE-2025-1118 • CWE-501: Trust Boundary Violation •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-45777 – Grub2: grub-core/gettext: integer overflow leads to heap oob write.
https://notcve.org/view.php?id=CVE-2024-45777
19 Feb 2025 — A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections. • https://access.redhat.com/security/cve/CVE-2024-45777 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 15EXPL: 0CVE-2025-0622 – Grub2: command/gpg: use-after-free due to hooks not being removed on module unload
https://notcve.org/view.php?id=CVE-2025-0622
18 Feb 2025 — A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections. • https://access.redhat.com/security/cve/CVE-2025-0622 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-45783 – Grub2: fs/hfs+: refcount can be decremented twice
https://notcve.org/view.php?id=CVE-2024-45783
18 Feb 2025 — A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access. • https://access.redhat.com/security/cve/CVE-2024-45783 • CWE-911: Improper Update of Reference Count •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-45781 – Grub2: fs/ufs: oob write in the heap
https://notcve.org/view.php?id=CVE-2024-45781
18 Feb 2025 — A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections. • https://access.redhat.com/security/cve/CVE-2024-45781 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-45776 – Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.
https://notcve.org/view.php?id=CVE-2024-45776
18 Feb 2025 — When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections. • https://access.redhat.com/security/cve/CVE-2024-45776 • CWE-787: Out-of-bounds Write •
CVSS: 5.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-45775 – Grub2: commands/extcmd: missing check for failed allocation
https://notcve.org/view.php?id=CVE-2024-45775
18 Feb 2025 — A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data. • https://access.redhat.com/security/cve/CVE-2024-45775 • CWE-252: Unchecked Return Value •