CVE-2024-45776
Public on 2025-02-18
Modified on 2025-02-24
Description
When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 2 - Core | grub2 | Pending Fix | ||
| HAQM Linux 2023 | grub2 | 2025-04-09 | ALAS2023-2025-937 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H |
| NVD | CVSSv3 | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |