CVE-2024-45778

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

CVSS v3.0 5.5 MEDIUM

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-45778	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=2345640	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

07 Mar 2025, 19:45

Type	Values Removed	Values Added
CPE		cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:a:gnu:grub2:::::::: cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2345640 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2345640 - Issue Tracking
References	~~() https://access.redhat.com/security/cve/CVE-2024-45778 -~~	() https://access.redhat.com/security/cve/CVE-2024-45778 - Broken Link
CVSS	v2 : ~~unknown~~ v3 : ~~4.1~~	v2 : unknown v3 : 5.5
First Time		Gnu grub2 Redhat openshift Container Platform Redhat enterprise Linux Redhat Gnu

03 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-03 17:15

Updated : 2025-03-07 19:45

NVD link : CVE-2024-45778

Mitre link : CVE-2024-45778

JSON object : View

Products Affected

redhat

enterprise_linux
openshift_container_platform

gnu

grub2

CWE

CWE-190

Integer Overflow or Wraparound

5.5 /10