Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-45779

An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.

Published

2025-03-03T15:15:14.660

Last Modified

2025-03-25T05:15:39.697

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.0 (MEDIUM)

Weaknesses

Type: Secondary
CWE-190
Type: Secondary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	grub2	≤ 2.12	Yes

References

https://access.redhat.com/security/cve/CVE-2024-45779 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2345854 Issue Tracking ([email protected])
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html Mailing List ([email protected])