NIXPKGS-2025-0017

GitHub issue published on 18 Dec 2025

Permalink CVE-2025-61663

4.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

updated 3 months, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 4 months, 1 week ago
@LeSuisse removed
4 maintainers
- @SigmaSquadron
- @hehongbo
- @digitalrane
- @CertainLach
3 months, 1 week ago
@LeSuisse removed
2 packages
- grub2_pvgrub_image
- grub2_pvhgrub_image
3 months, 1 week ago
@LeSuisse accepted 3 months, 1 week ago
@LeSuisse published on GitHub 3 months, 1 week ago

Grub2: missing unregister call for normal commands may lead to use-after-free

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded.

References

https://access.redhat.com/security/cve/CVE-2025-61663 x_refsource_REDHAT vdb-entry
RHBZ#2414684 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-61663 x_refsource_REDHAT vdb-entry
RHBZ#2414684 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-61663 x_refsource_REDHAT vdb-entry
RHBZ#2414684 issue-tracking x_refsource_REDHAT

Affected products

grub2

=<2.14

rhcos

Nixpkgs Security Tracker

Details of issue NIXPKGS-2025-0017

References

Affected products