Description
When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections.
References (3)
Core 3
Core References
Mailing List, Vendor Advisory
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-0689
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2346122
Scores
CVSS v3
7.8
EPSS
0.0008
EPSS Percentile
22.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-120
Status
published
Products (1)
gnu/grub2
< 2.12
Published
Mar 03, 2025
Tracked Since
Feb 18, 2026