Untriaged
Permalink
CVE-2024-45775
5.2 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): HIGH
Grub2: commands/extcmd: missing check for failed allocation
A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.
References
- https://access.redhat.com/security/cve/CVE-2024-45775 x_refsource_REDHAT vdb-entry
- RHBZ#2337481 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-45775 x_refsource_REDHAT vdb-entry
- RHBZ#2337481 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-45775 x_refsource_REDHAT vdb-entry
- RHBZ#2337481 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-45775 x_refsource_REDHAT vdb-entry
- RHBZ#2337481 issue-tracking x_refsource_REDHAT
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-45775 x_refsource_REDHAT vdb-entry
- RHBZ#2337481 issue-tracking x_refsource_REDHAT
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-45775 x_refsource_REDHAT vdb-entry
- RHBZ#2337481 issue-tracking x_refsource_REDHAT
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-45775 x_refsource_REDHAT vdb-entry
- RHBZ#2337481 issue-tracking x_refsource_REDHAT
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-45775 x_refsource_REDHAT vdb-entry
- RHBZ#2337481 issue-tracking x_refsource_REDHAT
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-45775 x_refsource_REDHAT vdb-entry
- RHBZ#2337481 issue-tracking x_refsource_REDHAT
Affected products
grub2
- =<2.12
- *
rhcos
Matching in nixpkgs
pkgs.grub2_pvgrub_image
PvGrub2 image for booting PV Xen guests
pkgs.grub2_pvhgrub_image
PvGrub2 image for booting PVH Xen guests
Package maintainers
-
@hehongbo Hongbo
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>