Debian Grub2 vulnerabilities

69 known vulnerabilities affecting debian/grub2.

Total CVEs: 69
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 20, MEDIUM 36, LOW 13

Vulnerabilities

Page 1 of 4
CVE-2025-0689 | HIGH | CVSS 7.8 | fixed in grub2 2.12-6 (forky) | 2025
When reading data from disk, the grub's UDF filesystem module utilizes the user-controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size, which is not guaranteed. A crafted filesystem image may lead to a heap-based b
debian
CVE-2025-0678 | HIGH | CVSS 7.8 | fixed in grub2 2.12-6 (forky) | 2025
A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub
debian
CVE-2025-1125 | HIGH | CVSS 7.8 | fixed in grub2 2.12-6 (forky) | 2025
When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffer size; however, it fails to properly check for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation wi
debian
CVE-2025-0624 | HIGH | CVSS 7.6 | fixed in grub2 2.12-6 (forky) | 2025
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write
debian
CVE-2025-61662 | HIGH | CVSS 7.8 | fixed in grub2 2.14-1 (sid) | 2025
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could
debian
CVE-2025-54770 | MEDIUM | CVSS 4.9 | fixed in grub2 2.14-1 (sid) | 2025
A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory loc
debian
CVE-2025-0622 | MEDIUM | CVSS 6.4 | fixed in grub2 2.12-6 (forky) | 2025
A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code executi
debian
CVE-2025-0677 | MEDIUM | CVSS 6.4 | fixed in grub2 2.12-6 (forky) | 2025
A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the
debian
CVE-2025-0686 | MEDIUM | CVSS 6.4 | fixed in grub2 2.12-6 (forky) | 2025
A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing
debian
CVE-2025-0684 | MEDIUM | CVSS 6.4 | fixed in grub2 2.12-6 (forky) | 2025
A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it
debian
CVE-2025-61663 | MEDIUM | CVSS 4.9 | fixed in grub2 2.14-1 (sid) | 2025
A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer
debian
CVE-2025-0690 | MEDIUM | CVSS 6.1 | fixed in grub2 2.12-6 (forky) | 2025
The read command is used to read keyboard input from the user. While reading, it keeps the input length in a 32-bit integer value, which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough, it's possible to make this variable overflow, leading to an out-of-bounds write in the heap-based buffer. This f
debian
CVE-2025-4382 | MEDIUM | CVSS 5.9 | fixed in grub2 2.14~git20250718.0e36779-2 (forky) | 2025
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and
debian
CVE-2025-0685 | MEDIUM | CVSS 6.4 | fixed in grub2 2.12-6 (forky) | 2025
A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a gru
debian
CVE-2025-61661 | MEDIUM | CVSS 4.8 | fixed in grub2 2.14-1 (sid) | 2025
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this iss
debian
CVE-2025-61664 | MEDIUM | CVSS 4.9 | fixed in grub2 2.14-1 (sid) | 2025
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a
debian
CVE-2025-54771 | MEDIUM | CVSS 4.9 | fixed in grub2 2.14-1 (sid) | 2025
A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or c
debian
CVE-2025-1118 | MEDIUM | CVSS 4.4 | fixed in grub2 2.12-6 (forky) | 2025
A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.12-6); sid: resolved (fixed in
debian
CVE-2024-45782 | HIGH | CVSS 7.8 | fixed in grub2 2.12-6 (forky) | 2024
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may lead to a heap-based out-of-bounds write, impacting grub's sensitive data integrity and eventually leading to a sec
debian
CVE-2024-56737 | HIGH | CVSS 8.8 | fixed in grub2 2.12-6 (forky) | 2024
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.12-6); sid: resolved (fixed in 2.12-6); trixie: resolved (fixed in 2.12-6)
debian
Debian Grub2 vulnerabilities | cvebase