What is the CVSS score of CVE-2024-45779?

CVE-2024-45779 has a CVSS 3.1 base score of 6.0 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Grub2 are affected by CVE-2024-45779?

Organizations using An integer overflow flaw should be aware of moderate risk from CVE-2024-45779, a integer overflow vulnerability rated CVSS 6.0.. A patch is available.

How to fix or mitigate CVE-2024-45779?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Grub2 CVE-2024-45779

MEDIUM

Integer Overflow or Wraparound (CWE-190)

2025-03-03 secalert@redhat.com

Information Disclosure Integer Overflow Red Hat Grub2 Suse

6.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Apr 02, 2026 - 14:30 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:29 vuln.today

CVE Published

Mar 03, 2025 - 15:15 nvd

MEDIUM 6.0

DescriptionNVD

An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.

AnalysisAI

An integer overflow flaw was found in the BFS file system driver in grub2. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash. Affected products include: Gnu Grub2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.