CVE-2025-0689

High CVSS: 7.8

When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections.

Vendor

Gnu

Product

Grub2

CWE

CWE-120

Yayın Tarihi

2025-03-03 15:15:16

Güncelleme

2026-01-08 04:15:52

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-120 Grub2 HIGH Gnu 2025

Referanslar

https://access.redhat.com/security/cve/CVE-2025-0689 https://bugzilla.redhat.com/show_bug.cgi?id=2346122 https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html

Benzer Kayıtlar

High

CVE-2026-4046

The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when convertin…

Medium

CVE-2026-4647

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files…

High

CVE-2026-4437

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the…

Medium

CVE-2026-4438

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the…

Medium

CVE-2026-3441

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in t…

Medium

CVE-2026-3442

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read,…