INFSA-2025:20532: grub2 security update

Information about definition

Identifier: INFSA-2025:20532

Type: security

Release date: 2025-12-07 22:24:19 UTC

Information about package

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Vulnerabilities description

  • CVE-2024-45777

    A flaw was found in grub2. The calculation of the translation buffer size when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to an out-of-bounds write. An attacker can leverage this issue to overwrite grub2's sensitive heap data, eventually leading to the circumvention of Secure Boot protections.
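
    The class of bug described above, shown as an added example (this is not grub2's code). It assumes a 32-bit string length read from the file has one terminator byte added before allocation; struct mo_desc, the function names and SAMPLE_IMG are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a .mo string descriptor: two 32-bit
   values taken from an untrusted file. */
struct mo_desc { uint32_t length; uint32_t offset; };

/* Constructed sample image: "hello" starts at offset 2. */
const uint8_t SAMPLE_IMG[] = "xxhello";

/* Unchecked pattern: length + 1 wraps to 0 when length == UINT32_MAX,
   so the allocation ends up far smaller than the later copy. */
uint32_t alloc_size_unchecked(uint32_t length) { return length + 1u; }

/* Checked pattern: refuse the addition if it would wrap. */
int alloc_size_checked(uint32_t length, uint32_t *out)
{
    if (length > UINT32_MAX - 1u)
        return -1;
    *out = length + 1u;
    return 0;
}

/* Copy one string out of an in-memory image. Returns NULL when the
   size calculation would wrap or the string lies outside the image. */
char *mo_get_string(const uint8_t *img, size_t img_len, struct mo_desc d)
{
    uint32_t size;
    if (alloc_size_checked(d.length, &size) != 0)
        return NULL;
    if (d.offset > img_len || d.length > img_len - d.offset)
        return NULL;
    char *s = malloc(size);
    if (s == NULL)
        return NULL;
    memcpy(s, img + d.offset, d.length);
    s[d.length] = '\0';
    return s;
}

int main(void)
{
    struct mo_desc bad = { UINT32_MAX, 0 };
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(bad.length));
    printf("checked read rejected: %d\n",
           mo_get_string(SAMPLE_IMG, sizeof SAMPLE_IMG, bad) == NULL);
    return 0;
}
```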

Severity level

CVE: CVE-2024-45777
Score CVSS 2.0: no information
Score CVSS 3.x: 6.7
Score CVSS 4.0: no information
Critical, important, moderate, low

Updated packages
