CVE-2024-45780

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-45780	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2345856	Issue Tracking
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html	Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-03 15:15

Updated : 2025-03-07 22:14

NVD link : CVE-2024-45780

Mitre link : CVE-2024-45780

CVE.ORG link : CVE-2024-45780

JSON object : View

Products Affected

gnu

grub2

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-45780", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2025-03-03T15:15:14.950", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-45780", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856", "tags": ["Issue Tracking"], "source": "[email protected]"}, {"url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "tags": ["Mailing List"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en grub2. Al leer archivos tar, grub2 asigna un b\u00fafer interno para el nombre del archivo. Sin embargo, no verifica correctamente la asignaci\u00f3n contra posibles desbordamientos de n\u00fameros enteros. Es posible provocar que la longitud de la asignaci\u00f3n se desborde con un archivo tar manipulado, lo que lleva a una escritura fuera de los l\u00edmites en el mont\u00f3n. Esta falla finalmente permite a un atacante eludir las protecciones de arranque seguro."}], "lastModified": "2025-03-07T22:14:56.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6ECC2401-511C-4A2E-878F-C7053FA3ABB1", "versionEndIncluding": "2.12"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}