CVE-2025-1118 — Trust Boundary Violation in Grub2

CWE-501 — Trust Boundary Violation CWE-416 — Use After Free7 documents6 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 96.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Grub2 Debian Grub2 Msrc Azl3 Grub2 2.06-24 ON Azure Linux 3.0 +5 more

Timeline

PublishedFeb 19

Description

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages8 packages

▶debiandebian/grub2< grub2 2.12-6 (forky)

▶Debiangnu/grub2< 2.12-6+1

▶msrcmsrc/azl3_grub2_2.06-24_on_azure_linux_3.0

▶msrcmsrc/azl3_grub2_2.06-25_on_azure_linux_3.0

▶msrcmsrc/cbl2_grub2_2.06-14_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-5r25-p9f2-w2xv: A flaw was found in grub2↗2025-02-19

▶

OSV

CVE-2025-1118: A flaw was found in grub2↗2025-02-19

▶

📋Vendor Advisories

Red Hat

grub2: commands/dump: The dump command is not in lockdown when secure boot is enabled↗2025-02-18

▶

Microsoft

Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled↗2025-02-11

▶

Debian

CVE-2025-1118: grub2 - A flaw was found in grub2. Grub's dump command is not blocked when grub is in lo...↗2025

▶

Microsoft

A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potenti↗2023-03-14

▶