Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-1118

created 4 months, 3 weeks ago

Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.

Affected products

grub2

*
=<2.12

rhcos

Matching in nixpkgs

pkgs.grub2_pvgrub_image

PvGrub2 image for booting PV Xen guests

nixos-unstable -
- nixpkgs-unstable

pkgs.grub2_pvhgrub_image

PvGrub2 image for booting PVH Xen guests

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@hehongbo Hongbo
@digitalrane Rane <rane+git@junkyard.systems>
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.grub2_pvgrub_image

pkgs.grub2_pvhgrub_image

Package maintainers