rhsa-2025:16154
Vulnerability from csaf_redhat
Published
2025-09-18 08:45
Modified
2025-09-18 09:59
Summary
Red Hat Security Advisory: grub2 security update
Notes
Topic
An update for grub2 is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776)
* grub2: fs/ufs: OOB write in the heap (CVE-2024-45781)
* grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622)
* grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677)
* grub2: commands/dump: The dump command is not in lockdown when secure boot is enabled (CVE-2025-1118)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grub2 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776)\n\n* grub2: fs/ufs: OOB write in the heap (CVE-2024-45781)\n\n* grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622)\n\n* grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677)\n\n* grub2: commands/dump: The dump command is not in lockdown when secure boot is enabled (CVE-2025-1118)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16154",
"url": "https://access.redhat.com/errata/RHSA-2025:16154"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2339182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339182"
},
{
"category": "external",
"summary": "2345857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345857"
},
{
"category": "external",
"summary": "2345865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345865"
},
{
"category": "external",
"summary": "2346116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346116"
},
{
"category": "external",
"summary": "2346137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346137"
},
{
"category": "external",
"summary": "RHEL-98679",
"url": "https://issues.redhat.com/browse/RHEL-98679"
},
{
"category": "external",
"summary": "RHEL-98682",
"url": "https://issues.redhat.com/browse/RHEL-98682"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16154.json"
}
],
"title": "Red Hat Security Advisory: grub2 security update",
"tracking": {
"current_release_date": "2025-09-18T09:59:58+00:00",
"generator": {
"date": "2025-09-18T09:59:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:16154",
"initial_release_date": "2025-09-18T08:45:20+00:00",
"revision_history": [
{
"date": "2025-09-18T08:45:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-18T08:45:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-18T09:59:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-1:2.12-15.el10_0.src",
"product": {
"name": "grub2-1:2.12-15.el10_0.src",
"product_id": "grub2-1:2.12-15.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2@2.12-15.el10_0?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-common-1:2.12-15.el10_0.noarch",
"product": {
"name": "grub2-common-1:2.12-15.el10_0.noarch",
"product_id": "grub2-common-1:2.12-15.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-common@2.12-15.el10_0?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"product": {
"name": "grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"product_id": "grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-modules@2.12-15.el10_0?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"product": {
"name": "grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"product_id": "grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-modules@2.12-15.el10_0?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-modules-1:2.12-15.el10_0.noarch",
"product": {
"name": "grub2-pc-modules-1:2.12-15.el10_0.noarch",
"product_id": "grub2-pc-modules-1:2.12-15.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc-modules@2.12-15.el10_0?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"product": {
"name": "grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"product_id": "grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le-modules@2.12-15.el10_0?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"product": {
"name": "grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"product_id": "grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64@2.12-15.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"product": {
"name": "grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"product_id": "grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-aa64-cdboot@2.12-15.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.12-15.el10_0.aarch64",
"product": {
"name": "grub2-tools-1:2.12-15.el10_0.aarch64",
"product_id": "grub2-tools-1:2.12-15.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.12-15.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"product": {
"name": "grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"product_id": "grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.12-15.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"product": {
"name": "grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"product_id": "grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.12-15.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.12-15.el10_0.aarch64",
"product": {
"name": "grub2-debugsource-1:2.12-15.el10_0.aarch64",
"product_id": "grub2-debugsource-1:2.12-15.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.12-15.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"product": {
"name": "grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"product_id": "grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.12-15.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"product": {
"name": "grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"product_id": "grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-emu-debuginfo@2.12-15.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"product": {
"name": "grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"product_id": "grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.12-15.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"product_id": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.12-15.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.12-15.el10_0?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-efi-x64-cdboot@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-pc-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-pc-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-pc-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-pc@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-tools-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-tools-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-debugsource-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-debugsource-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-emu-debuginfo@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-efi-debuginfo@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64",
"product_id": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.12-15.el10_0?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"product": {
"name": "grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"product_id": "grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-ppc64le@2.12-15.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-1:2.12-15.el10_0.ppc64le",
"product": {
"name": "grub2-tools-1:2.12-15.el10_0.ppc64le",
"product_id": "grub2-tools-1:2.12-15.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools@2.12-15.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"product": {
"name": "grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"product_id": "grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra@2.12-15.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"product": {
"name": "grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"product_id": "grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal@2.12-15.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"product": {
"name": "grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"product_id": "grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debugsource@2.12-15.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"product": {
"name": "grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"product_id": "grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-debuginfo@2.12-15.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"product": {
"name": "grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"product_id": "grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-debuginfo@2.12-15.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"product": {
"name": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"product_id": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-extra-debuginfo@2.12-15.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"product": {
"name": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"product_id": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grub2-tools-minimal-debuginfo@2.12-15.el10_0?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-1:2.12-15.el10_0.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src"
},
"product_reference": "grub2-1:2.12-15.el10_0.src",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-common-1:2.12-15.el10_0.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch"
},
"product_reference": "grub2-common-1:2.12-15.el10_0.noarch",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.12-15.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64"
},
"product_reference": "grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.12-15.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le"
},
"product_reference": "grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debuginfo-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.12-15.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64"
},
"product_reference": "grub2-debugsource-1:2.12-15.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.12-15.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le"
},
"product_reference": "grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-debugsource-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-debugsource-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-1:2.12-15.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64"
},
"product_reference": "grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64"
},
"product_reference": "grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch"
},
"product_reference": "grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-efi-x64-modules-1:2.12-15.el10_0.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch"
},
"product_reference": "grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64"
},
"product_reference": "grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-pc-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-pc-modules-1:2.12-15.el10_0.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch"
},
"product_reference": "grub2-pc-modules-1:2.12-15.el10_0.noarch",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-1:2.12-15.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le"
},
"product_reference": "grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-ppc64le-modules-1:2.12-15.el10_0.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch"
},
"product_reference": "grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.12-15.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64"
},
"product_reference": "grub2-tools-1:2.12-15.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.12-15.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le"
},
"product_reference": "grub2-tools-1:2.12-15.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-tools-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64"
},
"product_reference": "grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le"
},
"product_reference": "grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.12-15.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64"
},
"product_reference": "grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.12-15.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le"
},
"product_reference": "grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.12-15.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64"
},
"product_reference": "grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.12-15.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le"
},
"product_reference": "grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
},
"product_reference": "grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45776",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-01-21T18:11:28.747000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339182"
}
],
"notes": [
{
"category": "description",
"text": "When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-787: Out-of-bounds Write vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software settings, while least functionality reduces the attack surface by disabling unauthorized services and ports. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code exploiting out-of-bounds write vulnerabilities, using mechanisms such as file integrity monitoring and patch management. Robust input validation and error handling ensure all user inputs are thoroughly validated, preventing instability, data exposure, or privilege escalation. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against out-of-bounds write exploits.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45776"
},
{
"category": "external",
"summary": "RHBZ#2339182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45776"
}
],
"release_date": "2025-02-18T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T08:45:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16154"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read."
},
{
"cve": "CVE-2024-45781",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-02-14T21:31:44.750000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2345857"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in grub2. When reading a symbolic link\u0027s name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: fs/ufs: OOB write in the heap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-787: Out-of-bounds Write vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software settings, while least functionality reduces the attack surface by disabling unauthorized services and ports. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code exploiting out-of-bounds write vulnerabilities, using mechanisms such as file integrity monitoring and patch management. Robust input validation and error handling ensure all user inputs are thoroughly validated, preventing instability, data exposure, or privilege escalation. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against out-of-bounds write exploits.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45781"
},
{
"category": "external",
"summary": "RHBZ#2345857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345857"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45781"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45781",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45781"
}
],
"release_date": "2025-02-18T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T08:45:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16154"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: fs/ufs: OOB write in the heap"
},
{
"cve": "CVE-2025-0622",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-02-14T22:20:05.935000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2345865"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: command/gpg: Use-after-free due to hooks not being removed on module unload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated the security impact for this flaw as Moderate due to the high privileges needed and the complexity involved to exploit this vulnerability.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-416: Use After Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure that only authorized users and roles can execute or modify code. Red Hat also enforces least functionality, enabling only essential features, services, and ports. Hardening guidelines ensure the most restrictive settings required for operations, while baseline configurations enforce safe memory allocation and deallocation practices to reduce the risk of use-after-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code and provide real-time visibility into memory usage, lowering the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents a compromised process from accessing memory freed by another, containing potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-0622"
},
{
"category": "external",
"summary": "RHBZ#2345865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345865"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-0622",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0622"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-0622",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0622"
}
],
"release_date": "2025-02-18T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T08:45:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16154"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: command/gpg: Use-after-free due to hooks not being removed on module unload"
},
{
"cve": "CVE-2025-0677",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-02-17T15:04:39.393000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2346116"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in grub2. When performing a symlink lookup, the grub\u0027s UFS module checks the inode\u0027s data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability with Moderate severity, as it requires high privileges to exploit.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-787: Out-of-bounds Write vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software settings, while least functionality reduces the attack surface by disabling unauthorized services and ports. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code exploiting out-of-bounds write vulnerabilities, using mechanisms such as file integrity monitoring and patch management. Robust input validation and error handling ensure all user inputs are thoroughly validated, preventing instability, data exposure, or privilege escalation. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against out-of-bounds write exploits.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-0677"
},
{
"category": "external",
"summary": "RHBZ#2346116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-0677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-0677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0677"
}
],
"release_date": "2025-02-18T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T08:45:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16154"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks"
},
{
"cve": "CVE-2025-1118",
"cwe": {
"id": "CWE-501",
"name": "Trust Boundary Violation"
},
"discovery_date": "2025-02-17T17:26:24.670000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2346137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in grub2. Grub\u0027s dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grub2: commands/dump: The dump command is not in lockdown when secure boot is enabled",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability with Moderate severity as it requires high privileges to exploit it.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1118"
},
{
"category": "external",
"summary": "RHBZ#2346137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1118"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1118",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1118"
}
],
"release_date": "2025-02-18T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-18T08:45:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16154"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"BaseOS-10.0.Z:grub2-1:2.12-15.el10_0.src",
"BaseOS-10.0.Z:grub2-common-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-debugsource-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-aa64-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-cdboot-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-efi-aa64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-efi-x64-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-cdboot-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-efi-x64-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-emu-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-pc-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-ppc64le-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-ppc64le-modules-1:2.12-15.el10_0.noarch",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-efi-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-extra-debuginfo-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-1:2.12-15.el10_0.x86_64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.aarch64",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.ppc64le",
"BaseOS-10.0.Z:grub2-tools-minimal-debuginfo-1:2.12-15.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grub2: commands/dump: The dump command is not in lockdown when secure boot is enabled"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…