{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.4els/vex/2025/cve-2025-0624-els_os-centos8_4els.json"
      }
    ],
    "title": "Security update on CVE-2025-0624",
    "tracking": {
      "current_release_date": "2025-12-23T22:15:38Z",
      "generator": {
        "date": "2025-12-23T22:15:38Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2025-0624-ELS_OS-CENTOS8.4ELS",
      "initial_release_date": "2025-02-18T18:00:00Z",
      "revision_history": [
        {
          "date": "2025-02-18T18:00:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-05-19T15:26:12Z",
          "number": "2",
          "summary": "Official Publication"
        },
        {
          "date": "2025-12-23T22:15:38Z",
          "number": "3",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8.4",
                "product": {
                  "name": "Community Enterprise Operating System 8.4",
                  "product_id": "CentOS-8.4",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8.4:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-tools-extra@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-tools-minimal@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-efi-x64@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-pc@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-efi-ia32@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-efi-x64-cdboot@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-efi-ia32-cdboot@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64",
                "product": {
                  "name": "grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_id": "grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-tools@2.02-106.el8.tuxcare.els9?arch=x86_64&epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
                "product": {
                  "name": "grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
                  "product_id": "grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-common@2.02-106.el8.tuxcare.els9?arch=noarch&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
                "product": {
                  "name": "grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
                  "product_id": "grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/cloudlinux/grub2-efi-ia32-modules@2.02-106.el8.tuxcare.els9?arch=noarch&epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-common-1:2.02-106.el8.tuxcare.els9.noarch as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch"
        },
        "product_reference": "grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch"
        },
        "product_reference": "grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
        "relates_to_product_reference": "CentOS-8.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64 as a component of Community Enterprise Operating System 8.4",
          "product_id": "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        },
        "product_reference": "grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64",
        "relates_to_product_reference": "CentOS-8.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-0624",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution from the same network segment on which grub is searching for the boot information, which can be used to bypass secure boot protections.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
          "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
          "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-0624"
        }
      ],
      "release_date": "2025-02-18T18:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-8.4:grub2-tools-extra-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-tools-minimal-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-pc-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-x64-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-common-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-efi-ia32-cdboot-1:2.02-106.el8.tuxcare.els9.x86_64",
            "CentOS-8.4:grub2-efi-ia32-modules-1:2.02-106.el8.tuxcare.els9.noarch",
            "CentOS-8.4:grub2-tools-1:2.02-106.el8.tuxcare.els9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    }
  ]
}