Updated: 2025-03-26 01:39:23.93399
Description:
A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | grub2 | 2.06 | 7.8 | HIGH | Released | CLSA-2025:1742805183 | 2025-03-25 03:27:45 | |
| CentOS 7 ELS | grub2 | 2.02 | 7.8 | HIGH | Released | CLSA-2025:1744724536 | 2025-04-24 04:07:20 | |
| CentOS 8.4 ELS | grub2 | 2.02 | 7.8 | HIGH | Released | CLSA-2025:1744222859 | 2025-04-10 03:16:11 | |
| CentOS 8.5 ELS | grub2 | 2.02 | 7.8 | HIGH | Released | CLSA-2025:1744628858 | 2025-04-15 04:04:08 | |
| CentOS Stream 8 ELS | grub2 | 2.02 | 7.8 | HIGH | Released | CLSA-2025:1744213211 | 2025-04-10 03:16:13 | |
| CloudLinux 7 ELS | grub2 | 2.02 | 7.8 | HIGH | Released | CLSA-2025:1744219840 | 2025-04-24 04:06:38 | |
| Oracle Linux 7 ELS | grub2 | 2.02 | 7.8 | HIGH | Released | CLSA-2025:1744717794 | 2025-04-16 04:36:17 | |
| RHEL 7 ELS | grub2 | 2.02 | 7.8 | HIGH | In Progress | 2025-05-14 04:49:12 |