Vulnerability-Lookup

CVE-2024-45781 (GCVE-0-2024-45781)

Vulnerability from cvelistv5 – Published: 2025-02-18 19:25 – Updated: 2026-01-29 18:19

Title

Grub2: fs/ufs: oob write in the heap

Summary

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:16154	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:6990	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-45781	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2345857	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0 , ≤ 2.12 (semver)

Red Hat	Red Hat Enterprise Linux 10	Unaffected: 1:2.12-15.el10_0 , < * (rpm) cpe:/o:redhat:enterprise_linux:10.0
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 1:2.06-104.el9_6 , < * (rpm) cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45781",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T14:43:23.432163Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T15:15:15.791Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://ftp.gnu.org/gnu/grub/",
          "defaultStatus": "unaffected",
          "packageName": "grub2",
          "versions": [
            {
              "lessThanOrEqual": "2.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.12-15.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.06-104.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unknown",
          "packageName": "grub2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-02-18T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in grub2. When reading a symbolic link\u0027s name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-29T18:19:44.796Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:16154",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16154"
        },
        {
          "name": "RHSA-2025:6990",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:6990"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-45781"
        },
        {
          "name": "RHBZ#2345857",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345857"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-14T21:31:44.750Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-02-18T18:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Grub2: fs/ufs: oob write in the heap",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-45781",
    "datePublished": "2025-02-18T19:25:57.168Z",
    "dateReserved": "2024-09-08T01:57:12.948Z",
    "dateUpdated": "2026-01-29T18:19:44.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45781\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-19T14:43:23.432163Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-19T14:43:24.921Z\"}}], \"cna\": {\"title\": \"Grub2: fs/ufs: oob write in the heap\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.12\"}], \"packageName\": \"grub2\", \"collectionURL\": \"https://ftp.gnu.org/gnu/grub/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:2.12-15.el10_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"grub2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1:2.06-104.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"grub2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"grub2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"grub2\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-02-14T21:31:44.750Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-02-18T18:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-02-18T18:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:16154\", \"name\": \"RHSA-2025:16154\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:6990\", \"name\": \"RHSA-2025:6990\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-45781\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2345857\", \"name\": \"RHBZ#2345857\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in grub2. When reading a symbolic link\u0027s name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-01-29T18:19:44.796Z\"}, \"x_redhatCweChain\": \"CWE-787: Out-of-bounds Write\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-45781\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-29T18:19:44.796Z\", \"dateReserved\": \"2024-09-08T01:57:12.948Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-02-18T19:25:57.168Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CNVD-2025-17788

Vulnerability from cnvd - Published: 2025-08-08

Title

GNU GRUB越界写入漏洞

Description

GNU GRUB是GNU社区的一款Linux系统引导程序。 GNU GRUB存在越界写入漏洞，该漏洞源于UFS符号链接长度未验证，攻击者可利用该漏洞注入恶意代码，篡改内存中的关键数据。

Severity

中

Formal description

目前没有详细的解决方案提供： https://bugzilla.redhat.com/show_bug.cgi?id=2345857

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-45781

Impacted products

Name
GNU GRUB

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-45781",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-45781"
    }
  },
  "description": "GNU GRUB\u662fGNU\u793e\u533a\u7684\u4e00\u6b3eLinux\u7cfb\u7edf\u5f15\u5bfc\u7a0b\u5e8f\u3002\n\nGNU GRUB\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eUFS\u7b26\u53f7\u94fe\u63a5\u957f\u5ea6\u672a\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u4ee3\u7801\uff0c\u7be1\u6539\u5185\u5b58\u4e2d\u7684\u5173\u952e\u6570\u636e\u3002",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2345857",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-17788",
  "openTime": "2025-08-08",
  "products": {
    "product": "GNU GRUB"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-45781",
  "serverity": "\u4e2d",
  "submitTime": "2025-08-05",
  "title": "GNU GRUB\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e"
}

cve-2024-45781

Vulnerability from osv_almalinux

Published

2025-09-18 00:00

Modified

2025-09-25 11:34

Summary

Moderate: grub2 security update

Details

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776)
grub2: fs/ufs: OOB write in the heap (CVE-2024-45781)
grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622)
grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677)
grub2: commands/dump: The dump command is not in lockdown when secure boot is enabled (CVE-2025-1118)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "grub2-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.12-15.el10_0.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "grub2-efi-aa64-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.12-15.el10_0.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "grub2-efi-x64-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.12-15.el10_0.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "grub2-pc-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.12-15.el10_0.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "grub2-ppc64le-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.12-15.el10_0.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.  \n\nSecurity Fix(es):  \n\n  * grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776)\n  * grub2: fs/ufs: OOB write in the heap (CVE-2024-45781)\n  * grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622)\n  * grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677)\n  * grub2: commands/dump: The dump command is not in lockdown when secure boot is enabled (CVE-2025-1118)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:16154",
  "modified": "2025-09-25T11:34:59Z",
  "published": "2025-09-18T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:16154"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-45776"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-45781"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-0622"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-0677"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-1118"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2339182"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2345857"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2345865"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2346116"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2346137"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2025-16154.html"
    }
  ],
  "related": [
    "CVE-2024-45776",
    "CVE-2024-45781",
    "CVE-2025-0622",
    "CVE-2025-0677",
    "CVE-2025-1118"
  ],
  "summary": "Moderate: grub2 security update"
}

cve-2024-45781

Vulnerability from osv_almalinux

Published

2025-05-13 00:00

Modified

2025-07-02 13:49

Summary

Moderate: grub2 security update

Details

Security Fix(es):

grub2: reader/jpeg: Heap OOB Write during JPEG parsing (CVE-2024-45774)
grub2: commands/extcmd: Missing check for failed allocation (CVE-2024-45775)
grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776)
grub2: fs/ufs: OOB write in the heap (CVE-2024-45781)
grub2: fs/hfs+: refcount can be decremented twice (CVE-2024-45783)
grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622)
grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677)
grub2: read: Integer overflow may lead to out-of-bounds write (CVE-2025-0690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-efi-aa64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-efi-aa64-cdboot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-efi-aa64-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-efi-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-efi-x64-cdboot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-efi-x64-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-pc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-pc-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-ppc64le"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-ppc64le-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-tools-efi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-tools-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-tools-minimal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-104.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.  \n\nSecurity Fix(es):  \n\n  * grub2: reader/jpeg: Heap OOB Write during JPEG parsing (CVE-2024-45774)\n  * grub2: commands/extcmd: Missing check for failed allocation (CVE-2024-45775)\n  * grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776)\n  * grub2: fs/ufs: OOB write in the heap (CVE-2024-45781)\n  * grub2: fs/hfs+: refcount can be decremented twice (CVE-2024-45783)\n  * grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622)\n  * grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677)\n  * grub2: read: Integer overflow may lead to out-of-bounds write (CVE-2025-0690)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  \n\nAdditional Changes:  \n\nFor detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.\n",
  "id": "ALSA-2025:6990",
  "modified": "2025-07-02T13:49:48Z",
  "published": "2025-05-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:6990"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-45774"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-45775"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-45776"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-45781"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-45783"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-0622"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-0677"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-0690"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2337461"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2337481"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2339182"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2345857"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2345863"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2345865"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2346116"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2346123"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-6990.html"
    }
  ],
  "related": [
    "CVE-2024-45774",
    "CVE-2024-45775",
    "CVE-2024-45776",
    "CVE-2024-45781",
    "CVE-2024-45783",
    "CVE-2025-0622",
    "CVE-2025-0677",
    "CVE-2025-0690"
  ],
  "summary": "Moderate: grub2 security update"
}

GHSA-2XFX-CG6V-CWQV

Vulnerability from github – Published: 2025-02-18 21:32 – Updated: 2025-09-18 09:31

Details

Severity ?

6.7 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-45781"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-18T20:15:19Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in grub2. When reading a symbolic link\u0027s name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.",
  "id": "GHSA-2xfx-cg6v-cwqv",
  "modified": "2025-09-18T09:31:12Z",
  "published": "2025-02-18T21:32:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45781"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:16154"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:6990"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-45781"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345857"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-45781

Vulnerability from fstec - Published: 11.02.2025

Title

Уязвимость файловой системы UFS загрузчика операционных систем Grub2, позволяющая нарушителю обойти механизм безопасной загрузки

Description

Уязвимость файловой системы UFS загрузчика операционных систем Grub2 связана с записью за границами буфера памяти. Эксплуатация уязвимости может позволить нарушителю обойти механизм безопасной загрузки

Severity ?


                    
                      AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vendor

Novell Inc., Erich Boleyn, Сообщество свободного программного обеспечения, ООО «Ред Софт», Red Hat Inc., АО «НТЦ ИТ РОСА», ООО «НЦПР»

Software Name

Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, SUSE Linux Enterprise Module for Basesystem, SUSE CaaS Platform, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Module for Server Applications, SUSE OpenStack Cloud Crowbar, SUSE Enterprise Storage, HPE Helion Openstack, Grub2, SUSE Manager Proxy, SUSE Manager Retail Branch Server, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), SUSE Linux Enterprise High Performance Computing, SUSE Manager Server, SUSE Linux Enterprise Micro, Red Hat OpenShift Container Platform, Red Hat Enterprise Linux, SUSE Linux Enterprise Real Time, openSUSE Leap Micro, РОСА ХРОМ (запись в едином реестре российских программ №1607), SUSE Manager Proxy Module, МСВСфера

Software Version

12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 3.0 (SUSE CaaS Platform), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 15 SP1 (SUSE Linux Enterprise Module for Server Applications), 15 (SUSE Linux Enterprise Module for Server Applications), 12 SP3-BCL (Suse Linux Enterprise Server), 8 (SUSE OpenStack Cloud Crowbar), 6 (SUSE Enterprise Storage), 8 (HPE Helion Openstack), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP2 (Suse Linux Enterprise Desktop), 9 (SUSE OpenStack Cloud Crowbar), 15-LTSS (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Module for Basesystem), 11 SP4 (Suse Linux Enterprise Desktop), - (Grub2), 15 SP2 (SUSE Linux Enterprise Module for Server Applications), 11 SP2 (Suse Linux Enterprise Server), 10 SP4 LTSS (Suse Linux Enterprise Server), 12 SP4-ESPOS (Suse Linux Enterprise Server), 4.0 (SUSE CaaS Platform), 12 SP4-LTSS (Suse Linux Enterprise Server), 15 SP1-BCL (Suse Linux Enterprise Server), 15 SP1-LTSS (Suse Linux Enterprise Server), 4.0 (SUSE Manager Proxy), 4.0 (SUSE Manager Retail Branch Server), 15 SP3 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 15 SP3 (SUSE Linux Enterprise High Performance Computing), 15 SP3 (Suse Linux Enterprise Server), 4.2 (SUSE Manager Proxy), 4.2 (SUSE Manager Server), 15 SP3 (Suse Linux Enterprise Desktop), 7 (SUSE Enterprise Storage), 15 SP2 (Suse Linux Enterprise Server), 4.1 (SUSE Manager Server), 4.1 (SUSE Manager Proxy), 5.0 (SUSE Linux Enterprise Micro), 5.1 (SUSE Linux Enterprise Micro), 4.1 (SUSE Manager Retail Branch Server), 15 SP4 (Suse Linux Enterprise Server), 15 SP2 (Suse Linux Enterprise Desktop), 4 (Red Hat OpenShift Container Platform), 15 SP4 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Server), 15 SP2-BCL (Suse Linux Enterprise Server), 4.2 (SUSE Manager Retail Branch Server), 9 (Red Hat Enterprise Linux), 15 SP2-LTSS (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Real Time), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP1 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Desktop), 10 SP4 (Suse Linux Enterprise Server), 5.2 (openSUSE Leap Micro), 15 SP4 (SUSE Linux Enterprise Module for Basesystem), 5.3 (openSUSE Leap Micro), 15 SP3-ESPOS (SUSE Linux Enterprise High Performance Computing), 15 SP3 (SUSE Linux Enterprise Real Time), 15 SP3-BCL (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Basesystem), 15 SP4 (SUSE Linux Enterprise Real Time), 5.4 (openSUSE Leap Micro), 12.4 (РОСА ХРОМ), 5.5 (openSUSE Leap Micro), 6.0 (SUSE Linux Enterprise Micro), 6.1 (SUSE Linux Enterprise Micro), 4.2 (SUSE Manager Proxy Module), 9.5 (МСВСфера)

Possible Mitigations

Компенсирующие меры: - использование средств межсетевого экранирования для ограничения удалённого доступа к загрузчику GRUB; - использование пароля для доступа к загрузчику GRUB в целях предотвращения попыток эксплуатации уязвимости; - использование функционала мониторинга и журналирования для отслеживания попыток доступа к загрузчику GRUB. Использование рекомендаций: Для продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2024-45781.html Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2024-45781 Для grub2: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html https://www.openwall.com/lists/oss-security/2025/02/18/3 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2024-45781 Для операционной системы РОСА ХРОМ: https://abf.rosa.ru/advisories/ROSA-SA-2025-3000 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для МСВСфера: https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:6990?lang=ru

Reference

https://www.suse.com/security/cve/CVE-2024-45781.html https://security-tracker.debian.org/tracker/CVE-2024-45781 https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html https://www.openwall.com/lists/oss-security/2025/02/18/3 https://access.redhat.com/security/cve/CVE-2024-45781 https://abf.rosa.ru/advisories/ROSA-SA-2025-3000 http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:6990?lang=ru

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., Erich Boleyn, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Red Hat Inc., \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 3.0 (SUSE CaaS Platform), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 15 SP1 (SUSE Linux Enterprise Module for Server Applications), 15 (SUSE Linux Enterprise Module for Server Applications), 12 SP3-BCL (Suse Linux Enterprise Server), 8 (SUSE OpenStack Cloud Crowbar), 6 (SUSE Enterprise Storage), 8 (HPE Helion Openstack), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP2 (Suse Linux Enterprise Desktop), 9 (SUSE OpenStack Cloud Crowbar), 15-LTSS (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Module for Basesystem), 11 SP4 (Suse Linux Enterprise Desktop), - (Grub2), 15 SP2 (SUSE Linux Enterprise Module for Server Applications), 11 SP2 (Suse Linux Enterprise Server), 10 SP4 LTSS (Suse Linux Enterprise Server), 12 SP4-ESPOS (Suse Linux Enterprise Server), 4.0 (SUSE CaaS Platform), 12 SP4-LTSS (Suse Linux Enterprise Server), 15 SP1-BCL (Suse Linux Enterprise Server), 15 SP1-LTSS (Suse Linux Enterprise Server), 4.0 (SUSE Manager Proxy), 4.0 (SUSE Manager Retail Branch Server), 15 SP3 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 15 SP3 (SUSE Linux Enterprise High Performance Computing), 15 SP3 (Suse Linux Enterprise Server), 4.2 (SUSE Manager Proxy), 4.2 (SUSE Manager Server), 15 SP3 (Suse Linux Enterprise Desktop), 7 (SUSE Enterprise Storage), 15 SP2 (Suse Linux Enterprise Server), 4.1 (SUSE Manager Server), 4.1 (SUSE Manager Proxy), 5.0 (SUSE Linux Enterprise Micro), 5.1 (SUSE Linux Enterprise Micro), 4.1 (SUSE Manager Retail Branch Server), 15 SP4 (Suse Linux Enterprise Server), 15 SP2 (Suse Linux Enterprise Desktop), 4 (Red Hat OpenShift Container Platform), 15 SP4 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Server), 15 SP2-BCL (Suse Linux Enterprise Server), 4.2 (SUSE Manager Retail Branch Server), 9 (Red Hat Enterprise Linux), 15 SP2-LTSS (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Real Time), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP1 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Desktop), 10 SP4 (Suse Linux Enterprise Server), 5.2 (openSUSE Leap Micro), 15 SP4 (SUSE Linux Enterprise Module for Basesystem), 5.3 (openSUSE Leap Micro), 15 SP3-ESPOS (SUSE Linux Enterprise High Performance Computing), 15 SP3 (SUSE Linux Enterprise Real Time), 15 SP3-BCL (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 15 SP5 (SUSE Linux Enterprise High Performance Computing), 15 SP5 (SUSE Linux Enterprise Module for Basesystem), 15 SP4 (SUSE Linux Enterprise Real Time), 5.4 (openSUSE Leap Micro), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), 5.5 (openSUSE Leap Micro), 6.0 (SUSE Linux Enterprise Micro), 6.1 (SUSE Linux Enterprise Micro), 4.2 (SUSE Manager Proxy Module), 9.5 (\u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0443 GRUB;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0430\u0440\u043e\u043b\u044f \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0443 GRUB \u0432 \u0446\u0435\u043b\u044f\u0445 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u0430 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0436\u0443\u0440\u043d\u0430\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0443 GRUB.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2024-45781.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-45781\n\n\u0414\u043b\u044f grub2:\nhttps://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html\nhttps://www.openwall.com/lists/oss-security/2025/02/18/3\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2024-45781\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosa.ru/advisories/ROSA-SA-2025-3000\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430: https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:6990?lang=ru",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.02.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.11.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.04.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-03834",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-45781",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, SUSE Linux Enterprise Module for Basesystem, SUSE CaaS Platform, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Module for Server Applications, SUSE OpenStack Cloud Crowbar, SUSE Enterprise Storage, HPE Helion Openstack, Grub2, SUSE Manager Proxy, SUSE Manager Retail Branch Server, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), SUSE Linux Enterprise High Performance Computing, SUSE Manager Server, SUSE Linux Enterprise Micro, Red Hat OpenShift Container Platform, Red Hat Enterprise Linux, SUSE Linux Enterprise Real Time, openSUSE Leap Micro, \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), SUSE Manager Proxy Module, \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. Suse Linux Enterprise Desktop 12 SP3 , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS , Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS , Novell Inc. Suse Linux Enterprise Desktop 12 SP2 , Novell Inc. Suse Linux Enterprise Server 15-LTSS , Novell Inc. Suse Linux Enterprise Desktop 11 SP4 , Erich Boleyn Grub2 - , Novell Inc. Suse Linux Enterprise Server 11 SP2 , Novell Inc. Suse Linux Enterprise Server 10 SP4 LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS , Novell Inc. Suse Linux Enterprise Server 12 SP4-LTSS , Novell Inc. Suse Linux Enterprise Server 15 SP1-BCL , Novell Inc. Suse Linux Enterprise Server 15 SP1-LTSS , Novell Inc. Suse Linux Enterprise Server 15 SP1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. Suse Linux Enterprise Desktop 15 SP3 , Novell Inc. Suse Linux Enterprise Server 15 SP2 , Novell Inc. Suse Linux Enterprise Server 15 SP4 , Novell Inc. Suse Linux Enterprise Desktop 15 SP2 , Novell Inc. Suse Linux Enterprise Desktop 15 SP4 , Novell Inc. Suse Linux Enterprise Server 15 , Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL , Red Hat Inc. Red Hat Enterprise Linux 9 , Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS , Novell Inc. SUSE Linux Enterprise Real Time 15 SP2 , Novell Inc. Suse Linux Enterprise Desktop 15 SP1 , Novell Inc. Suse Linux Enterprise Desktop 15 , Novell Inc. Suse Linux Enterprise Server 10 SP4 , Novell Inc. openSUSE Leap Micro 5.2 , Novell Inc. openSUSE Leap Micro 5.3 , Novell Inc. SUSE Linux Enterprise Real Time 15 SP3 , Novell Inc. Suse Linux Enterprise Server 15 SP3-BCL , Novell Inc. Suse Linux Enterprise Server 15 SP5 , Novell Inc. Suse Linux Enterprise Desktop 15 SP5 , Novell Inc. SUSE Linux Enterprise Real Time 15 SP4 , Novell Inc. openSUSE Leap Micro 5.4 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), Novell Inc. openSUSE Leap Micro 5.5 , \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430 9.5 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b UFS \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Grub2, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b UFS \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Grub2 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.suse.com/security/cve/CVE-2024-45781.html\nhttps://security-tracker.debian.org/tracker/CVE-2024-45781\nhttps://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html\nhttps://www.openwall.com/lists/oss-security/2025/02/18/3\nhttps://access.redhat.com/security/cve/CVE-2024-45781\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-3000\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://errata.msvsphere-os.ru/definition/9/INFCSA-2025:6990?lang=ru",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,7)"
}

FKIE_CVE-2024-45781

Vulnerability from fkie_nvd - Published: 2025-02-18 20:15 - Updated: 2025-09-18 09:15

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:16154
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:6990
	secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-45781
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2345857

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in grub2. When reading a symbolic link\u0027s name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un defecto en Grub2. Al leer el nombre de un enlace simb\u00f3lico de un sistema de archivos UFS, Grub2 no puede validar la longitud de la cadena tomada como una entrada. La falta de validaci\u00f3n puede conducir a un mont\u00f3n fuera de los l\u00edmites Escribir, causando problemas de integridad de datos y eventualmente permitiendo que un atacante elude las protecciones seguras de arranque."
    }
  ],
  "id": "CVE-2024-45781",
  "lastModified": "2025-09-18T09:15:34.603",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-18T20:15:19.450",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:16154"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:6990"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2024-45781"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345857"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-45781 (GCVE-0-2024-45781)

CNVD-2025-17788

cve-2024-45781

Vulnerability from osv_almalinux

cve-2024-45781

Vulnerability from osv_almalinux

GHSA-2XFX-CG6V-CWQV

CVE-2024-45781

FKIE_CVE-2024-45781

Tags

Sightings

Nomenclature