CVE-2024-45780

Sažetak

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.

Reference

https://access.redhat.com/security/cve/CVE-2024-45780
https://bugzilla.redhat.com/show_bug.cgi?id=2345856
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html

CVSS

Base:	6.7
Impact:	5.9
Exploitability:	0.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

07-03-2025 - 19:37

Objavljeno

03-03-2025 - 15:15