What is the CVSS score of CVE-2024-45782?

CVE-2024-45782 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Enterprise Linux are affected by CVE-2024-45782?

Organizations using A flaw face notable risk from CVE-2024-45782, a out-of-bounds write vulnerability rated CVSS 7.8.. A patch is available.

How to fix or mitigate CVE-2024-45782?

Within 7 days: Identify all affected systems and apply vendor patches promptly. If patching is delayed, consider network segmentation to limit exposure.

Enterprise Linux CVE-2024-45782

HIGH

Out-of-bounds Write (CWE-787)

2025-03-03 secalert@redhat.com

Buffer Overflow Information Disclosure Memory Corruption Red Hat Enterprise Linux Grub2 Openshift Container Platform Suse

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Apr 02, 2026 - 14:30 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:29 vuln.today

CVE Published

Mar 03, 2025 - 17:15 nvd

HIGH 7.8

DescriptionNVD

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.

AnalysisAI

A flaw was found in the HFS filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass. Affected products include: Gnu Grub2, Redhat Openshift Container Platform, Redhat Enterprise Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).