Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-0677

6.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months, 1 week ago

Grub2: ufs: integer overflow may lead to heap based out-of-bounds write when handling symlinks

A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms.

References

https://access.redhat.com/security/cve/CVE-2025-0677 x_refsource_REDHAT vdb-entry
RHBZ#2346116 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-0677 x_refsource_REDHAT vdb-entry
RHBZ#2346116 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-0677 x_refsource_REDHAT vdb-entry
RHBZ#2346116 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-0677 x_refsource_REDHAT vdb-entry
RHBZ#2346116 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-0677 x_refsource_REDHAT vdb-entry
RHBZ#2346116 issue-tracking x_refsource_REDHAT
RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-0677 x_refsource_REDHAT vdb-entry
RHBZ#2346116 issue-tracking x_refsource_REDHAT
RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-0677 x_refsource_REDHAT vdb-entry
RHBZ#2346116 issue-tracking x_refsource_REDHAT
RHBZ#2346116 issue-tracking x_refsource_REDHAT
RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-0677 x_refsource_REDHAT vdb-entry
RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-0677 x_refsource_REDHAT vdb-entry
RHBZ#2346116 issue-tracking x_refsource_REDHAT
RHSA-2025:16154 x_refsource_REDHAT vendor-advisory
RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-0677 x_refsource_REDHAT vdb-entry
RHBZ#2346116 issue-tracking x_refsource_REDHAT
RHSA-2025:16154 x_refsource_REDHAT vendor-advisory
RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-0677 x_refsource_REDHAT vdb-entry
RHBZ#2346116 issue-tracking x_refsource_REDHAT
RHSA-2025:16154 x_refsource_REDHAT vendor-advisory
RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-0677 x_refsource_REDHAT vdb-entry
RHBZ#2346116 issue-tracking x_refsource_REDHAT

Affected products

grub2

=<2.12
*

rhcos

Matching in nixpkgs

pkgs.grub2_pvgrub_image

PvGrub2 image for booting PV Xen guests

nixos-unstable -
- nixpkgs-unstable

pkgs.grub2_pvhgrub_image

PvGrub2 image for booting PVH Xen guests

nixos-unstable -
- nixpkgs-unstable

Package maintainers