{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "- CVE-2025-0624: net: Out-of-bounds write in grub_net_search_configfile()\n- CVE-2025-0690: read: Integer overflow may lead to out-of-bounds write\n- CVE-2025-1118: commands/dump: The dump command is not in lockdown when\n  secure boot is enabled\n- CVE-2025-0678: squash4: Integer overflow may lead to heap based\n  out-of-bounds write when reading data\n- CVE-2025-1125: fs/hfs: Integer overflow may lead to heap based\n  out-of-bounds write\n\nThe complete set of CVEs addressed by this update, with per-CVE descriptions and CVSS scores, is enumerated in the vulnerabilities section of this advisory.",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.4els/advisories/2025/clsa-2025_1744222859.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1744222859",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1744222859"
      }
    ],
    "tracking": {
      "current_release_date": "2025-05-19T15:26:12Z",
      "generator": {
        "date": "2025-05-19T15:26:12Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1744222859",
      "initial_release_date": "2025-04-09T18:21:01Z",
      "revision_history": [
        {
          "date": "2025-04-09T18:21:01Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-05-19T15:26:12Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "grub2: Fix of 5 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8.4",
                "product": {
                  "name": "Community Enterprise Operating System 8.4",
                  "product_id": "CentOS-8.4",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8.4:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-tools-extra@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-tools-minimal@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-efi-x64@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-pc@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-efi-ia32@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-efi-x64-cdboot@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-efi-ia32-cdboot@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-tools@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
                "product": {
                  "name": "grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
                  "product_id": "grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-common@2.02-106.el8.tuxcare.els9?arch=noarch&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
                "product": {
                  "name": "grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
                  "product_id": "grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-efi-ia32-modules@2.02-106.el8.tuxcare.els9?arch=noarch&epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-common-1:2.02-106.el8.tuxcare.els9.noarch as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch"
        },
        "product_reference": "grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch"
        },
        "product_reference": "grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-0622",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in commands/gpg. In some scenarios, hooks registered by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call those hooks after the module that registered them has been unloaded, leading to a use-after-free vulnerability. If successfully exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass Secure Boot protections.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-0622"
        }
      ],
      "release_date": "2025-02-18T18:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    },
    {
      "cve": "CVE-2025-1125",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "When reading data from an HFS filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the size of its internal buffers, but it fails to properly check for integer overflows. A maliciously crafted filesystem may cause some of those buffer size calculations to overflow, so that grub_malloc() is called with a smaller size than expected. As a result, the hfsplus_open_compressed_real() function will write past the end of the internal buffer. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, bypassing Secure Boot protections.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-1125"
        }
      ],
      "release_date": "2025-02-18T18:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    },
    {
      "cve": "CVE-2024-45780",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-45780"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2024-45780",
          "url": "https://access.redhat.com/security/cve/CVE-2024-45780"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856"
        },
        {
          "category": "external",
          "summary": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html",
          "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"
        }
      ],
      "release_date": "2025-03-03T15:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    },
    {
      "cve": "CVE-2024-45775",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for grub's argument list but fails to check whether the allocation succeeded. When the allocation fails, a NULL pointer is passed to the parse_option() function, leading grub to crash or, in some rare scenarios, to corrupt the IVT data.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-45775"
        }
      ],
      "release_date": "2025-01-28T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    },
    {
      "cve": "CVE-2024-45777",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in grub2. The calculation of the translation buffer size when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to an out-of-bounds write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of Secure Boot protections.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-45777"
        }
      ],
      "release_date": "2025-02-18T18:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    },
    {
      "cve": "CVE-2024-1048",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag creates a temporary file with the new grubenv content and renames it over the original grubenv file. If the program is killed before the rename operation, the temporary file is not removed; when this happens repeatedly, the leftover files can fill the filesystem, leaving it without free inodes or blocks (a local denial of service).",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-1048"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2024:2456",
          "url": "https://access.redhat.com/errata/RHSA-2024:2456"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2024:3184",
          "url": "https://access.redhat.com/errata/RHSA-2024:3184"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2024-1048",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1048"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2256827",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256827"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2024/02/06/3",
          "url": "https://www.openwall.com/lists/oss-security/2024/02/06/3"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2024/02/06/3",
          "url": "http://www.openwall.com/lists/oss-security/2024/02/06/3"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRZQCVZ3XOASVFT6XLO7F2ZXOLOHIJZQ/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRZQCVZ3XOASVFT6XLO7F2ZXOLOHIJZQ/"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSJAEGRR3XHMBBBKYOVMII4P34IXEYPE/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSJAEGRR3XHMBBBKYOVMII4P34IXEYPE/"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20240223-0007/",
          "url": "https://security.netapp.com/advisory/ntap-20240223-0007/"
        }
      ],
      "release_date": "2024-02-06T18:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    },
    {
      "cve": "CVE-2024-56737",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "description",
          "text": "GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56737"
        }
      ],
      "release_date": "2024-12-29T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-45774",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive data in order to bypass Secure Boot protections cannot be ruled out.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-45774"
        }
      ],
      "release_date": "2025-02-18T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    },
    {
      "cve": "CVE-2025-0624",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in grub2. During the network boot process, when searching for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to account for the environment variable's length when allocating the internal buffer, resulting in an out-of-bounds write. If successfully exploited, this issue may result in remote code execution by an attacker on the same network segment on which grub is searching for boot information, which can be used to bypass Secure Boot protections.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-0624"
        }
      ],
      "release_date": "2025-02-18T18:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2024-45781",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and potentially allowing an attacker to circumvent Secure Boot protections.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-45781"
        }
      ],
      "release_date": "2025-02-18T18:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    }
  ]
}