CVE-2025-1125: Out-of-bounds Write in Grub2

Severity: 7.8 HIGH (NVD)
EPSS: 0.1% (top 80.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 3; latest update Mar 11

Description

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the size of its internal buffers, but it does not properly check for integer overflows. A maliciously crafted filesystem may cause some of those buffer size calculations to overflow, so that grub_malloc() is called with a smaller size than expected. As a result, the hfsplus_open_compressed_real() function will write past the end of the internal buffer.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

Debian: gnu/grub2 < 2.12-6+1
NVD: gnu/grub2 2.12

🔴 Vulnerability Details (3)

GHSA: GHSA-jqm6-8ggx-r3ww: When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the in (2025-03-03)
OSV: CVE-2025-1125: When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the in (2025-03-03)
CVEList: Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write (2025-03-03)

📋 Vendor Advisories (3)

Microsoft: Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write (2025-03-11)
Red Hat: grub2: fs/hfs: Integer overflow may lead to heap based out-of-bounds write (2025-02-18)
Debian: CVE-2025-1125: grub2 - When reading data from a hfs filesystem, grub's hfs filesystem module uses user-... (2025)