Skip to main content

Grub2 CVE-2024-45777

MEDIUM
Out-of-bounds Write (CWE-787)
2025-02-19 secalert@redhat.com
6.7
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.7 MEDIUM
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch released
Apr 02, 2026 - 14:30 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 18:27 vuln.today
CVE Published
Feb 19, 2025 - 18:15 nvd
MEDIUM 6.7

DescriptionCVE.org

A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.

AnalysisAI

A flaw was found in grub2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections. Affected products include: Gnu Grub2, Redhat Openshift, Redhat Enterprise Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

More in Grub2

View all
CVE-2015-8370 HIGH POC
7.4 Dec 16

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, ob

CVE-2023-4692 HIGH POC
7.8 Oct 25

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. Rated high severity (CVSS 7.8), this vulnerabil

CVE-2024-2312 MEDIUM POC
6.7 Apr 05

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI syst

CVE-2020-15707 MEDIUM POC
6.4 Jul 29

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRU

CVE-2024-56737 HIGH
8.8 Dec 29

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesys

CVE-2022-2601 HIGH
8.6 Dec 14

A buffer overflow was found in grub_font_construct_glyph(). Rated high severity (CVSS 8.6), this vulnerability is no aut

CVE-2023-4693 MEDIUM POC
4.6 Oct 25

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. Rated medium severity (CVSS 4.6), this vulnerabi

CVE-2021-20233 HIGH
8.2 Mar 03

A flaw was found in grub2 in versions prior to 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack co

CVE-2020-10713 HIGH
8.2 Jul 30

A flaw was found in grub2, prior to version 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack compl

CVE-2025-0678 HIGH
7.8 Mar 03

A flaw was found in grub2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch

CVE-2024-45782 HIGH
7.8 Mar 03

A flaw was found in the HFS filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No

CVE-2025-1125 HIGH
7.8 Mar 03

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesyste

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1 Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.30 Affected
Container suse/sl-micro/6.1/base-os-container:2.2.1-5.40 Affected
Container suse/sle-micro-rancher/5.2:latest Image SLES15-SP3-BYOS-Azure Image SLES15-SP3-BYOS-GCE Image SLES15-SP3-HPC-BYOS-Azure Image SLES15-SP3-HPC-BYOS-GCE Image SLES15-SP3-Micro-5-2-BYOS-Azure Image SLES15-SP3-Micro-5-2-BYOS-GCE Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production Image SLES15-SP3-SAP-BYOS-Azure Image SLES15-SP3-SAP-BYOS-GCE Image SLES15-SP3-SAPCAL-Azure Image SLES15-SP3-SAPCAL-GCE Affected
Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:latest Image SLES15-SP4-BYOS-Azure Image SLES15-SP4-BYOS-GCE Image SLES15-SP4-CHOST-BYOS-Azure Image SLES15-SP4-CHOST-BYOS-GCE Image SLES15-SP4-CHOST-BYOS-SAP-CCloud Image SLES15-SP4-HPC-BYOS-Azure Image SLES15-SP4-HPC-BYOS-GCE Image SLES15-SP4-HPC-GCE Image SLES15-SP4-Hardened-BYOS-Azure Image SLES15-SP4-Hardened-BYOS-GCE Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image SLES15-SP4-SAP-Azure Image SLES15-SP4-SAP-Azure-LI-BYOS Image SLES15-SP4-SAP-Azure-LI-BYOS-Production Image SLES15-SP4-SAP-Azure-VLI-BYOS Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production Image SLES15-SP4-SAP-BYOS-Azure Image SLES15-SP4-SAP-BYOS-GCE Image SLES15-SP4-SAP-GCE Image SLES15-SP4-SAP-Hardened Image SLES15-SP4-SAP-Hardened-Azure Image SLES15-SP4-SAP-Hardened-BYOS-Azure Image SLES15-SP4-SAP-Hardened-BYOS-GCE Image SLES15-SP4-SAP-Hardened-GCE Image SLES15-SP4-SAPCAL-Azure Image SLES15-SP4-SAPCAL-GCE Affected

Share

CVE-2024-45777 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy