A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
References
| Link | Resource |
|---|---|
| https://access.redhat.com/security/cve/CVE-2024-45782 | Broken Link |
| https://bugzilla.redhat.com/show_bug.cgi?id=2345858 | Issue Tracking |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
25 Mar 2025, 05:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE |
21 Mar 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE |
07 Mar 2025, 19:45
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-787 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CPE | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
|
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=2345858 - Issue Tracking | |
| References | () https://access.redhat.com/security/cve/CVE-2024-45782 - Broken Link | |
| First Time |
Gnu grub2
Redhat openshift Container Platform Redhat enterprise Linux Redhat Gnu |
03 Mar 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-03-03 17:15
Updated : 2025-03-25 05:15
NVD link : CVE-2024-45782
Mitre link : CVE-2024-45782
JSON object : View
Products Affected
redhat
- enterprise_linux
- openshift_container_platform
gnu
- grub2
CWE
No CWE.