Updated: 2025-03-26 01:41:36.05428
Description:
An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | MEDIUM | 6 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | grub2 | 2.06 | 6.0 | MEDIUM | Ignored | 2025-02-27 22:01:47 | ||
| CentOS 7 ELS | grub2 | 2.02 | 6.0 | MEDIUM | Ignored | 2025-03-06 22:04:51 | ||
| CentOS 8.4 ELS | grub2 | 2.02 | 6.0 | MEDIUM | Not Vulnerable | 2025-03-11 23:08:48 | ||
| CentOS 8.5 ELS | grub2 | 2.02 | 6.0 | MEDIUM | Not Vulnerable | 2025-03-11 23:08:48 | ||
| CentOS Stream 8 ELS | grub2 | 2.02 | 6.0 | MEDIUM | Not Vulnerable | 2025-03-12 23:11:13 | ||
| CloudLinux 7 ELS | grub2 | 2.02 | 6.0 | MEDIUM | Ignored | 2025-03-27 03:39:04 | We have reasoned not to fix this issue since the upstream fix involves switching several grub2 modul... | |
| Oracle Linux 7 ELS | grub2 | 2.02 | 6.0 | MEDIUM | Ignored | 2025-03-06 22:04:47 | ||
| RHEL 7 ELS | grub2 | 2.02 | 6.0 | MEDIUM | Ignored | 2025-05-13 04:16:22 |