Untriaged
Permalink
CVE-2025-0690
6.1 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): PHYSICAL
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Grub2: read: integer overflow may lead to out-of-bounds write
The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.
References
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHSA-2025:6990 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-0690 x_refsource_REDHAT vdb-entry
- RHBZ#2346123 issue-tracking x_refsource_REDHAT
- https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
Affected products
grub2
- =<2.12
- *
rhcos
Matching in nixpkgs
pkgs.grub2_pvgrub_image
PvGrub2 image for booting PV Xen guests
pkgs.grub2_pvhgrub_image
PvGrub2 image for booting PVH Xen guests
Package maintainers
-
@hehongbo Hongbo
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>