Untriaged
Permalink
CVE-2025-0624
7.6 HIGH
- CVSS version: 3.1
- Attack vector (AV): ADJACENT_NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Grub2: net: out-of-bounds write in grub_net_search_config_file()
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
References
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3297 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3301 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3297 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3301 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3573 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3577 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3573 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3577 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3780 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3297 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3301 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3297 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3301 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3573 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3577 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3780 x_refsource_REDHAT vendor-advisory
- RHSA-2025:4422 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3297 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3301 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3573 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3577 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3780 x_refsource_REDHAT vendor-advisory
- RHSA-2025:4422 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- https://security.netapp.com/advisory/ntap-20250516-0006/
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3297 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3301 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3573 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3577 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3780 x_refsource_REDHAT vendor-advisory
- RHSA-2025:4422 x_refsource_REDHAT vendor-advisory
- RHSA-2025:7702 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- https://security.netapp.com/advisory/ntap-20250516-0006/
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3297 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3301 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3573 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3577 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3780 x_refsource_REDHAT vendor-advisory
- RHSA-2025:4422 x_refsource_REDHAT vendor-advisory
- RHSA-2025:7702 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- https://security.netapp.com/advisory/ntap-20250516-0006/
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3297 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3301 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3573 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3577 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3780 x_refsource_REDHAT vendor-advisory
- RHSA-2025:4422 x_refsource_REDHAT vendor-advisory
- RHSA-2025:7702 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- https://security.netapp.com/advisory/ntap-20250516-0006/
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3297 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3301 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3573 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3577 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3780 x_refsource_REDHAT vendor-advisory
- RHSA-2025:4422 x_refsource_REDHAT vendor-advisory
- RHSA-2025:7702 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- https://security.netapp.com/advisory/ntap-20250516-0006/
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3297 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3301 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3573 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3577 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3780 x_refsource_REDHAT vendor-advisory
- RHSA-2025:4422 x_refsource_REDHAT vendor-advisory
- RHSA-2025:7702 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- https://security.netapp.com/advisory/ntap-20250516-0006/
- https://security.netapp.com/advisory/ntap-20250516-0006/
- RHSA-2025:3573 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3577 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3780 x_refsource_REDHAT vendor-advisory
- RHSA-2025:4422 x_refsource_REDHAT vendor-advisory
- RHSA-2025:7702 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3297 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3301 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2521 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2653 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2655 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2675 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2784 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2799 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2867 x_refsource_REDHAT vendor-advisory
- RHSA-2025:2869 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3297 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3301 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3367 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3396 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3573 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3577 x_refsource_REDHAT vendor-advisory
- RHSA-2025:3780 x_refsource_REDHAT vendor-advisory
- RHSA-2025:4422 x_refsource_REDHAT vendor-advisory
- RHSA-2025:7702 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0624 x_refsource_REDHAT vdb-entry
- RHBZ#2346112 issue-tracking x_refsource_REDHAT
- https://security.netapp.com/advisory/ntap-20250516-0006/
Affected products
grub2
- =<2.12
- *
rhcos
- *
Matching in nixpkgs
pkgs.grub2_pvgrub_image
PvGrub2 image for booting PV Xen guests
pkgs.grub2_pvhgrub_image
PvGrub2 image for booting PVH Xen guests
Package maintainers
-
@hehongbo Hongbo
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>