Vulnerabilities > CVE-2024-45780 - Unspecified vulnerability in GNU Grub2

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gnu

NVD

Published: 2025-03-03

Updated: 2025-03-07

Summary

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Grub2 *	1

References

https://access.redhat.com/security/cve/CVE-2024-45780
https://bugzilla.redhat.com/show_bug.cgi?id=2345856
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html