CVE-2024-45775

MEDIUM

grub2 - Memory Corruption

Title source: llm

Description

A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.

References (3)

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2025:6990

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2024-45775

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2337481

Scores

CVSS v3 5.2

EPSS 0.0003

EPSS Percentile 7.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-252

Status published

Products (5)

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8

Red Hat/Red Hat Enterprise Linux 9 1:2.06-104.el9_6

Red Hat/Red Hat OpenShift Container Platform 4

Published Feb 18, 2025

Tracked Since Feb 18, 2026