Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-45774

Опубликовано: 18 фев. 2025
Источник: redhat
CVSS3: 6.7
EPSS Низкий

Описание

A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.

Отчет

Red Hat has classified this vulnerability with a Moderate severity due to the high privileges needed to exploit this flaw. Additionally, the attack vector is considered local, further limiting exploitation of this issue.

Меры по смягчению последствий

Do not process untrusted JPEG files with grub2.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10grub2Not affected
Red Hat Enterprise Linux 7grub2Out of support scope
Red Hat Enterprise Linux 8grub2Fix deferred
Red Hat OpenShift Container Platform 4rhcosFix deferred
Red Hat Enterprise Linux 9grub2FixedRHSA-2025:699013.05.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2337461grub2: reader/jpeg: Heap OOB Write during JPEG parsing

EPSS

Процентиль: 22%
0.00072
Низкий

6.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-45774

CVSS3: 6.7
ubuntu
около 1 года назад

A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.

nvd логотип

CVE-2024-45774

CVSS3: 6.7
nvd
около 1 года назад

A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.

msrc логотип

CVE-2024-45774

CVSS3: 6.7
msrc
7 месяцев назад

Grub2: reader/jpeg: heap oob write during jpeg parsing

debian логотип

CVE-2024-45774

CVSS3: 6.7
debian
около 1 года назад

A flaw was found in grub2. A specially crafted JPEG file can cause the ...

github логотип

GHSA-f5v2-rhg6-jmg7

CVSS3: 6.7
github
около 1 года назад

A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.

EPSS

Процентиль: 22%
0.00072
Низкий

6.7 Medium

CVSS3