Untriaged
Permalink
CVE-2024-45776
6.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.
When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.
References
- https://access.redhat.com/security/cve/CVE-2024-45776 x_refsource_REDHAT vdb-entry
- RHBZ#2339182 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-45776 x_refsource_REDHAT vdb-entry
- RHBZ#2339182 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-45776 x_refsource_REDHAT vdb-entry
- RHBZ#2339182 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-45776 x_refsource_REDHAT vdb-entry
- RHBZ#2339182 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-45776 x_refsource_REDHAT vdb-entry
- RHBZ#2339182 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-45776 x_refsource_REDHAT vdb-entry
- RHBZ#2339182 issue-tracking x_refsource_REDHAT
- RHBZ#2339182 issue-tracking x_refsource_REDHAT
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-45776 x_refsource_REDHAT vdb-entry
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-45776 x_refsource_REDHAT vdb-entry
- RHBZ#2339182 issue-tracking x_refsource_REDHAT
- RHBZ#2339182 issue-tracking x_refsource_REDHAT
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-45776 x_refsource_REDHAT vdb-entry
- RHSA-2025:16154 x_refsource_REDHAT vendor-advisory
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-45776 x_refsource_REDHAT vdb-entry
- RHBZ#2339182 issue-tracking x_refsource_REDHAT
- RHSA-2025:16154 x_refsource_REDHAT vendor-advisory
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-45776 x_refsource_REDHAT vdb-entry
- RHBZ#2339182 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-45776 x_refsource_REDHAT vdb-entry
- RHBZ#2339182 issue-tracking x_refsource_REDHAT
- RHSA-2025:16154 x_refsource_REDHAT vendor-advisory
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
Affected products
grub2
- =<2.12
- *
rhcos
Matching in nixpkgs
pkgs.grub2_pvgrub_image
PvGrub2 image for booting PV Xen guests
pkgs.grub2_pvhgrub_image
PvGrub2 image for booting PVH Xen guests
Package maintainers
-
@hehongbo Hongbo
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>