Untriaged
Permalink
CVE-2025-0689
6.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections.
References
- https://access.redhat.com/security/cve/CVE-2025-0689 x_refsource_REDHAT vdb-entry
- RHBZ#2346122 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-0689 x_refsource_REDHAT vdb-entry
- RHBZ#2346122 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- https://access.redhat.com/security/cve/CVE-2025-0689 x_refsource_REDHAT vdb-entry
- RHBZ#2346122 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- https://access.redhat.com/security/cve/CVE-2025-0689 x_refsource_REDHAT vdb-entry
- RHBZ#2346122 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- https://access.redhat.com/security/cve/CVE-2025-0689 x_refsource_REDHAT vdb-entry
- RHBZ#2346122 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-0689 x_refsource_REDHAT vdb-entry
- RHBZ#2346122 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- RHBZ#2346122 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- https://access.redhat.com/security/cve/CVE-2025-0689 x_refsource_REDHAT vdb-entry
Affected products
grub2
- =<2.12
rhcos
Matching in nixpkgs
pkgs.grub2_pvgrub_image
PvGrub2 image for booting PV Xen guests
pkgs.grub2_pvhgrub_image
PvGrub2 image for booting PVH Xen guests
Package maintainers
-
@hehongbo Hongbo
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>