CVE-2024-45779

CWE-190 — Integer Overflow CWE-125 — Out-of-bounds Read7 documents7 sources

Severity

6.0MEDIUM

EPSS

0.0%

top 96.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Grub2

Timeline

PublishedMar 3

Latest updateMar 11

Description

An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages2 packages

▶Debiangrub2< 2.12-6+1

▶NVDgnu/grub22.12

🔴Vulnerability Details

OSV

CVE-2024-45779: An integer overflow flaw was found in the BFS file system driver in grub2↗2025-03-03

▶

GHSA

GHSA-qg4m-5hg4-34vq: An integer overflow flaw was found in the BFS file system driver in grub2↗2025-03-03

▶

CVEList

Grub2: fs/bfs: integer overflow leads to heap oob read in the bfs parser↗2025-03-03

▶

📋Vendor Advisories

Microsoft

Grub2: fs/bfs: integer overflow leads to heap oob read in the bfs parser↗2025-03-11

▶

Red Hat

grub2: fs/bfs: Integer overflow leads to Heap OOB Read in the BFS parser↗2025-02-18

▶

Debian

CVE-2024-45779: grub2 - An integer overflow flaw was found in the BFS file system driver in grub2. When ...↗2024

▶