CVE-2025-0677 — Out-of-bounds Write in Grub2

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

6.4MEDIUMNVD

EPSS

0.0%

top 92.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Grub2 Debian Grub2 Msrc Azl3 Grub2 2.06-24 ON Azure Linux 3.0 +3 more

Timeline

PublishedFeb 19

Description

A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by craft…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages6 packages

▶debiandebian/grub2< grub2 2.12-6 (forky)

▶Debiangnu/grub2< 2.12-6+1

▶msrcmsrc/azl3_grub2_2.06-24_on_azure_linux_3.0

▶msrcmsrc/azl3_grub2_2.06-25_on_azure_linux_3.0

▶msrcmsrc/cbl2_grub2_2.06-14_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-h592-gmp8-rvr7: A flaw was found in grub2↗2025-02-19

▶

OSV

CVE-2025-0677: A flaw was found in grub2↗2025-02-19

▶

📋Vendor Advisories

Red Hat

grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks↗2025-02-18

▶

Microsoft

Grub2: ufs: integer overflow may lead to heap based out-of-bounds write when handling symlinks↗2025-02-11

▶

Debian

CVE-2025-0677: grub2 - A flaw was found in grub2. When performing a symlink lookup, the grub's UFS modu...↗2025

▶