CVE-2024-45778

Severity

5.5MEDIUM

EPSS

0.0%

top 95.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 3

Latest updateMar 11

Description

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.5 | Impact: 3.6

▶Debiangrub2< 2.12-6+1

▶NVDgnu/grub22.12

Also affects: Enterprise Linux 7.0, 8.0, 9.0, Openshift Container Platform 4.0

CVEList

Grub2: fs/bfs: integer overflow in the bfs parser.↗2025-03-03

▶

OSV

CVE-2024-45778: A stack overflow flaw was found when reading a BFS file system↗2025-03-03

▶

GHSA

GHSA-vpmj-h28j-ffpp: A stack overflow flaw was found when reading a BFS file system↗2025-03-03

▶

Microsoft

Grub2: fs/bfs: integer overflow in the bfs parser.↗2025-03-11

▶

Red Hat

grub2: fs/bfs: Integer overflow in the BFS parser.↗2025-02-18

▶

Debian

CVE-2024-45778: grub2 - A stack overflow flaw was found when reading a BFS file system. A crafted BFS fi...↗2024

▶