Source: grub2
Version: 2.12-5
Severity: grave
Tags: upstream security
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,

The following vulnerabilities were published for grub2.

CVE-2024-45774[0]:
| A flaw was found in grub2. A specially crafted JPEG file can cause
| the JPEG parser of grub2 to incorrectly check the bounds of its
| internal buffers, resulting in an out-of-bounds write. The
| possibility of overwriting sensitive information to bypass secure
| boot protections is not discarded.

CVE-2024-45775[1]:
| A flaw was found in grub2 where the grub_extcmd_dispatcher()
| function calls grub_arg_list_alloc() to allocate memory for the
| grub's argument list. However, it fails to check in case the memory
| allocation fails. Once the allocation fails, a NULL pointer will be
| processed by the parse_option() function, leading grub to crash or,
| in some rare scenarios, corrupt the IVT data.

CVE-2024-45776[2]:
| When reading the language .mo file in grub_mofile_open(), grub2
| fails to verify an integer overflow when allocating its internal
| buffer. A crafted .mo file may lead the buffer size calculation to
| overflow, leading to out-of-bound reads and writes. This flaw allows
| an attacker to leak sensitive data or overwrite critical data,
| possibly circumventing secure boot protections.

CVE-2024-45777[3]:
| grub-core/gettext: Integer overflow leads to Heap OOB Write

CVE-2024-45778[4]:
| fs/bfs: Integer overflow in the BFS parser

CVE-2024-45779[5]:
| fs/bfs: Integer overflow leads to Heap OOB Read (Write?) in the
| BFS parser

CVE-2024-45780[6]:
| fs/tar: Integer Overflow causes Heap OOB Write

CVE-2024-45781[7]:
| A flaw was found in grub2. When reading a symbolic link's name from
| a UFS filesystem, grub2 fails to validate the string length taken as
| an input. The lack of validation may lead to a heap out-of-bounds
| write, causing data integrity issues and eventually allowing an
| attacker to circumvent secure boot protections.

CVE-2024-45782[8]:
| fs/hfs: strcpy() using the volume name (fs/hfs.c:382)

CVE-2024-45783[9]:
| A flaw was found in grub2. When failing to mount an HFS+ grub, the
| hfsplus filesystem driver doesn't properly set an ERRNO value. This
| issue may lead to a NULL pointer access.

CVE-2025-0622[10]:
| A flaw was found in command/gpg. In some scenarios, hooks created by
| loaded modules are not removed when the related module is unloaded.
| This flaw allows an attacker to force grub2 to call the hooks once
| the module that registered it was unloaded, leading to a
| use-after-free vulnerability. If correctly exploited, this
| vulnerability may result in arbitrary code execution, eventually
| allowing the attacker to bypass secure boot protections.

CVE-2025-0624[11]:
| net: Out-of-bounds write in grub_net_search_config_file()

CVE-2025-0677[12]:
| UFS: Integer overflow may lead to heap based out-of-bounds write when
| handling symlinks

CVE-2025-0678[13]:
| squash4: Integer overflow may lead to heap based out-of-bounds write
| when reading data

CVE-2025-0684[14]:
| reiserfs: Integer overflow when handling symlinks may lead to heap
| based out-of-bounds write when reading data

CVE-2025-0685[15]:
| jfs: Integer overflow when handling symlinks may lead to heap based
| out-of-bounds write when reading data

CVE-2025-0686[16]:
| romfs: Integer overflow when handling symlinks may lead to heap based
| out-of-bounds write when reading data

CVE-2025-0689[17]:
| udf: Heap based buffer overflow in grub_udf_read_block() may lead to
| arbitrary code execution

CVE-2025-0690[18]:
| read: Integer overflow may lead to out-of-bounds write

CVE-2025-1118[19]:
| commands/dump: The dump command is not in lockdown when secure boot
| is enabled

CVE-2025-1125[20]:
| fs/hfs: Integer overflow may lead to heap based out-of-bounds write

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-45774
    https://www.cve.org/CVERecord?id=CVE-2024-45774
[1] https://security-tracker.debian.org/tracker/CVE-2024-45775
    https://www.cve.org/CVERecord?id=CVE-2024-45775
[2] https://security-tracker.debian.org/tracker/CVE-2024-45776
    https://www.cve.org/CVERecord?id=CVE-2024-45776
[3] https://security-tracker.debian.org/tracker/CVE-2024-45777
    https://www.cve.org/CVERecord?id=CVE-2024-45777
[4] https://security-tracker.debian.org/tracker/CVE-2024-45778
    https://www.cve.org/CVERecord?id=CVE-2024-45778
[5] https://security-tracker.debian.org/tracker/CVE-2024-45779
    https://www.cve.org/CVERecord?id=CVE-2024-45779
[6] https://security-tracker.debian.org/tracker/CVE-2024-45780
    https://www.cve.org/CVERecord?id=CVE-2024-45780
[7] https://security-tracker.debian.org/tracker/CVE-2024-45781
    https://www.cve.org/CVERecord?id=CVE-2024-45781
[8] https://security-tracker.debian.org/tracker/CVE-2024-45782
    https://www.cve.org/CVERecord?id=CVE-2024-45782
[9] https://security-tracker.debian.org/tracker/CVE-2024-45783
    https://www.cve.org/CVERecord?id=CVE-2024-45783
[10] https://security-tracker.debian.org/tracker/CVE-2025-0622
     https://www.cve.org/CVERecord?id=CVE-2025-0622
[11] https://security-tracker.debian.org/tracker/CVE-2025-0624
     https://www.cve.org/CVERecord?id=CVE-2025-0624
[12] https://security-tracker.debian.org/tracker/CVE-2025-0677
     https://www.cve.org/CVERecord?id=CVE-2025-0677
[13] https://security-tracker.debian.org/tracker/CVE-2025-0678
     https://www.cve.org/CVERecord?id=CVE-2025-0678
[14] https://security-tracker.debian.org/tracker/CVE-2025-0684
     https://www.cve.org/CVERecord?id=CVE-2025-0684
[15] https://security-tracker.debian.org/tracker/CVE-2025-0685
     https://www.cve.org/CVERecord?id=CVE-2025-0685
[16] https://security-tracker.debian.org/tracker/CVE-2025-0686
     https://www.cve.org/CVERecord?id=CVE-2025-0686
[17] https://security-tracker.debian.org/tracker/CVE-2025-0689
     https://www.cve.org/CVERecord?id=CVE-2025-0689
[18] https://security-tracker.debian.org/tracker/CVE-2025-0690
     https://www.cve.org/CVERecord?id=CVE-2025-0690
[19] https://security-tracker.debian.org/tracker/CVE-2025-1118
     https://www.cve.org/CVERecord?id=CVE-2025-1118
[20] https://security-tracker.debian.org/tracker/CVE-2025-1125
     https://www.cve.org/CVERecord?id=CVE-2025-1125
[21] https://www.openwall.com/lists/oss-security/2025/02/18/3
[22] https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
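Most of the entries in the report above (gettext, bfs, tar, UFS, squash4, reiserfs, jfs, romfs, hfs, read) share one shape: a buffer size is computed from length fields read out of an attacker-controlled image, the arithmetic wraps, and the allocation ends up smaller than the data the parser then copies into it. The program below is an added example written for this page; it is not grub's code and does not reproduce any of the listed bugs. It models a 32-bit grub_size_t with uint32_t (assumption: an i386-pc build, where a count times element-size product really does wrap), reads the fields from a constructed header, and puts the silently wrapping calculation beside one that uses the compiler's overflow-checking builtins, the same builtins that grub's include/grub/safemath.h wraps as grub_add()/grub_mul(). The header layout, field names and sample values are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: grub_size_t on a 32-bit target (i386-pc) is 32 bits wide,
 * so size arithmetic wraps modulo 2^32. Modelled here as uint32_t. */
typedef uint32_t tgt_size_t;

/* Constructed on-disk header, standing in for the length fields that a
 * filesystem or .mo parser reads from an untrusted image. */
struct rec_hdr {
    uint32_t count;      /* number of entries claimed by the image */
    uint32_t elem_size;  /* bytes per entry claimed by the image */
    uint32_t extra;      /* trailing bytes (terminator, padding) */
};

/* Vulnerable shape: count * elem_size + extra wraps silently, so a
 * hostile header yields a small allocation for a huge copy. */
static tgt_size_t unchecked_size(const struct rec_hdr *h)
{
    return h->count * h->elem_size + h->extra;
}

/* Hardened shape: each operation is overflow-checked and failure is
 * reported, so the caller rejects the record instead of allocating. */
static bool checked_size(const struct rec_hdr *h, tgt_size_t *out)
{
    tgt_size_t prod, total;
    if (__builtin_mul_overflow(h->count, h->elem_size, &prod))
        return false;
    if (__builtin_add_overflow(prod, h->extra, &total))
        return false;
    *out = total;
    return true;
}

/* Bytes the copy loop would write past a buffer sized by unchecked_size():
 * nonzero means a heap out-of-bounds write. The true requirement is
 * computed in 64 bits so it can be shown next to the wrapped value. */
static uint64_t unchecked_shortfall(const struct rec_hdr *h)
{
    uint64_t needed = (uint64_t)h->count * h->elem_size + h->extra;
    uint64_t allocated = unchecked_size(h);
    return needed > allocated ? needed - allocated : 0;
}

/* Safe reader: validate the size, bound it by the image that is actually
 * present, check the allocation, then copy. Returns bytes copied into
 * *out, or 0 (with *out == NULL) when the record is rejected. */
static size_t read_record(const struct rec_hdr *h,
                          const uint8_t *image, size_t image_len,
                          uint8_t **out)
{
    tgt_size_t need;
    *out = NULL;
    if (!checked_size(h, &need))
        return 0;                 /* size arithmetic overflowed: reject */
    if (need == 0 || need > image_len)
        return 0;                 /* claims more bytes than the image holds */
    uint8_t *buf = malloc(need);
    if (buf == NULL)
        return 0;                 /* allocation failure is a checked path too */
    memcpy(buf, image, need);
    *out = buf;
    return need;
}

int main(void)
{
    /* Constructed sample image: 32 bytes of payload. */
    uint8_t image[32];
    for (size_t i = 0; i < sizeof image; i++)
        image[i] = (uint8_t)i;

    struct rec_hdr benign  = { .count = 4, .elem_size = 8, .extra = 0 };
    /* 0x01000001 * 0x100 = 0x100000100, which wraps to 0x100 in 32 bits. */
    struct rec_hdr hostile = { .count = 0x01000001u, .elem_size = 0x100u, .extra = 16 };

    uint8_t *buf;
    size_t n = read_record(&benign, image, sizeof image, &buf);
    printf("benign: copied %zu bytes\n", n);
    free(buf);

    printf("hostile: unchecked size = %u bytes, copy would overrun by %llu bytes\n",
           (unsigned)unchecked_size(&hostile),
           (unsigned long long)unchecked_shortfall(&hostile));
    n = read_record(&hostile, image, sizeof image, &buf);
    printf("hostile: read_record returned %zu (rejected)\n", n);
    return 0;
}
```

The hostile header is the interesting case: the wrapped size is 272 bytes while the copy loop would want 4 GiB more, and the checked path refuses the record before any allocation happens. Note that the image-length bound in read_record() is a second, independent check: an overflow-free size can still exceed the data present, which is the string-length failure described for the UFS symlink entry.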

