CVE-2025-0624 — Out-of-bounds Write in Grub2
Severity
7.6 HIGH (NVD)
EPSS
0.8%
top 26.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 19
Latest update: Jul 15
Description
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for …
CVSS vector
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 6.0
Affected Packages: 5 packages
Vulnerability Details (2)
Vendor Advisories (4)
Debian: CVE-2025-0624: grub2 - A flaw was found in grub2. During the network boot process, when trying to searc... (2025)